CircleIDLatest posts on CircleID2019-05-24T14:22:00-08:00tag:circleid.com,2002:master-feedhttp://www.circleid.com/images/logo_rss.gifhttp://www.circleid.com/images/logo_rss_icon.gifSubscribe with My Yahoo!Subscribe with NewsGatorSubscribe with My AOLSubscribe with BloglinesSubscribe with NetvibesSubscribe with GoogleSubscribe with PageflakesMaking Voting Easy is Scaring the Life Out of Security Expertstag:circleid.com,2019:blogs/1.119102019-05-24T14:22:00-08:00Dr. John R. Patrick<p>Apollo 11 was the spaceflight which landed the first two humans on the Moon. Commander Neil Armstrong and lunar module pilot Buzz Aldrin landed the Apollo Lunar Module, <em>Eagle</em>, on July 20, 1969. Armstrong became the first person to step onto the lunar surface six hours later, and Aldrin joined him 19 minutes later. The two astronauts spent about two and a quarter hours outside the spacecraft, and they collected 47.5 pounds of lunar material to bring back. Command module pilot Michael Collins flew the command module, <em>Columbia</em>, alone in lunar orbit while Armstrong and Aldrin were on the Moon's surface. Armstrong and Aldrin spent 21.5 hours on the lunar surface before rejoining <em>Columbia</em> in lunar orbit, and then returning to Earth. The documentary movie was fantastic and included never before seen footage.
</p>
<p>
I was two years out of engineering school at the time of the historic flight. Although I was not involved in any way, my employer, IBM, was one of the lead contractors. I was proud of that, but I remember being on the edge of my chair in fear. There were so many things which could go wrong. Imagine being strapped in on top of a three-stage rocket. The first stage was 138 feet tall, 33 feet in diameter, and full of liquid oxygen. The first stage provided over 7,600,000 pounds of thrust. While I was in fear, the three astronauts were fearless. They believed in the technology.
</p>
<p>
Speaking of fear, this week, the Los Angeles Times published "The vote-by-phone tech trend is scaring the life out of security experts". Vote-by-phone (and Internet voting) has been tested successfully by West Virginia and others. Estonia has been using it for more than a decade without issues. Vint Cerf, one of the fathers of the Internet, properly said, "We can do this." But the security experts are afraid like I was about Apollo 11 in 1969. It almost seems they enjoy being quoted in the press about all the things which could go wrong. We could put men on the Moon 50 years ago and a robot on Mars more recently, but we can't figure out how to vote electronically with security, privacy, and verifiability? Why aren't the "experts" willing to say we could do it if we planned carefully and took precautions A, B, and C?
</p>
<p>
The bottom line reason, in my view, is the experts compare Internet voting to a perfect online system which we will never ever have, and they are unwilling to compare it to the 150-year-old paper-based system of today which disenfranchises millions of voters. This morning, Axios reported the 2020 election turnout might be the biggest of all times. I am afraid. What I am afraid of is hours-long lines, broken 15-year-old voting machines, elderly people standing in line in inclement weather and damaging their health, ballots from overseas getting lost in the mail or arriving late and not counted, paper ballots in the U.S. not getting counted because something was wrong with the signature on the outer envelope, and thousands (or millions) of others who were unable to get to the polls due to last minute issues with work or family. When it comes to voting, we should worry about Russian attempts to influence us, but we should also worry about a repeat of 2016 when 100 million eligible voters did not vote because they could not get to the polls. Congressmen, afraid of technology, want to go to all paper rather than fund investments in technology, as we do for NASA, to strengthen our democracy in a way which makes it safe and convenient for American citizens.
</p>
<p>
<em>"Silicon Valley is having some success in a crusade for voting by phone. Computer security experts are aghast to see election officials signing on."</em> (<a href="https://www.latimes.com/politics/la-na-pol-voting-by-phone-20190516-story.html">LA Times</a> / MAY 16, 2019)
</p><p><em>Written by <a href="http://www.circleid.com/members/699/">Dr. John R. Patrick</a>, President of Attitude LLC</em></p><p><strong>Follow CircleID on <a href="http://twitter.com/circleid">Twitter</a></strong></p><p><strong>More under:</strong> <a href="http://www.circleid.com/topics/cybersecurity">Cybersecurity</a>, <a href="http://www.circleid.com/topics/mobile_internet">Mobile Internet</a></p><div class="feedflare">
<a href="http://feeds.circleid.com/~ff/cid_master?a=GDn1oD4aqOs:-DeiBQkmQEk:yIl2AUoC8zA"><img src="http://feeds.feedburner.com/~ff/cid_master?d=yIl2AUoC8zA" border="0"></img></a> <a href="http://feeds.circleid.com/~ff/cid_master?a=GDn1oD4aqOs:-DeiBQkmQEk:F7zBnMyn0Lo"><img src="http://feeds.feedburner.com/~ff/cid_master?i=GDn1oD4aqOs:-DeiBQkmQEk:F7zBnMyn0Lo" border="0"></img></a> <a href="http://feeds.circleid.com/~ff/cid_master?a=GDn1oD4aqOs:-DeiBQkmQEk:V_sGLiPBpWU"><img src="http://feeds.feedburner.com/~ff/cid_master?i=GDn1oD4aqOs:-DeiBQkmQEk:V_sGLiPBpWU" border="0"></img></a> <a href="http://feeds.circleid.com/~ff/cid_master?a=GDn1oD4aqOs:-DeiBQkmQEk:qj6IDK7rITs"><img src="http://feeds.feedburner.com/~ff/cid_master?d=qj6IDK7rITs" border="0"></img></a> <a href="http://feeds.circleid.com/~ff/cid_master?a=GDn1oD4aqOs:-DeiBQkmQEk:gIN9vFwOqvQ"><img src="http://feeds.feedburner.com/~ff/cid_master?i=GDn1oD4aqOs:-DeiBQkmQEk:gIN9vFwOqvQ" border="0"></img></a> <a href="http://feeds.circleid.com/~ff/cid_master?a=GDn1oD4aqOs:-DeiBQkmQEk:I9og5sOYxJI"><img src="http://feeds.feedburner.com/~ff/cid_master?d=I9og5sOYxJI" border="0"></img></a>
</div>SpaceX Succeeds in Launching Its First Full Batch of Starlink Internet Satellitestag:circleid.com,2019:news/6.119162019-05-24T13:11:00-08:00CircleID Reporter<p><span style="font-size:85%;line-height:1.4em;color:#666666;margin:15px 0;display:block;"><a href="http://www.circleid.com/images/uploads/11916.jpg"><img src="http://www.circleid.com/images/uploads/11916.jpg" border="0" style="display:block;width:100%;height: auto;margin-bottom:10px;" /></a><strong>MAY 23, 2019</strong> / Falcon 9 launches 60 Starlink satellites to orbit. </span>
</p>
<p>
<strong>SpaceX on Thursday successfully <a href="https://www.spacex.com/news/2019/05/24/starlink-mission">launched</a> 60 Starlink satellites</strong> with its Falcon 9 rocket from Space Launch Complex 40 at Cape Canaveral Air Force Station, Florida. The launch begins SpaceX's next-generation satellite network mission to provide more reliable and affordable broadband internet services to billions.
</p>
<p>
&mdash; <strong>What's next:</strong> "The Federal Communications Commission has already granted SpaceX permission to launch the entirety of its nearly 12,000-satellite constellation. SpaceX launched its first two test satellites, TinTin A and TinTin B, in February of 2018, and the company now has about six years to launch half of the full constellation to bring its license with the FCC into full use." (<a href="https://www.theverge.com/2019/5/15/18624630/spacex-elon-musk-starlink-internet-satellites-falcon-9-rocket-launch-live">TheVerge</a> / May 23, 2019)
</p>
<p>
&mdash; <strong>Why so many:</strong> While there are already close to a couple of thousand functioning satellites in orbit, low earth orbit (LEO) satellite initiatives such as SpaceX and OneWeb provide several advantages including better signal strength, lower latency and the need for less power (about 1 watt) for transmission. The downside is the lesser distance above the earth means less coverage and hence the need for a large number of satellites to cover entire regions.
</p>
<p>
&mdash; <strong>Space clogging and debris:</strong> With the eventual launch of tens of thousands of LEO satellites, some experts have raised concerns of clogging up space, risks of in-flight collisions, and space debris. Reporting on CirlceID, Larry Press <a href="http://www.circleid.com/posts/20190523_might_satellite_constellations_learn_to_avoid_debris/">writes</a>: "The ESA estimates that there have been over 500 break-ups, explosions, collisions, or anomalous events resulting in fragmentation and they estimate that there are 34,000 debris objects >10 cm, 900,000 from 1 to 10 cm and 128 million from 1 mm to 1 cm. NASA says there are there are more than 20,000 pieces of debris larger than a softball, 500,000 the size of a marble or larger many millions so small they can't be tracked."
</p><p><strong>Follow CircleID on <a href="http://twitter.com/circleid">Twitter</a></strong></p><p><strong>More under:</strong> <a href="http://www.circleid.com/topics/access_providers">Access Providers</a>, <a href="http://www.circleid.com/topics/broadband">Broadband</a>, <a href="http://www.circleid.com/topics/wireless">Wireless</a></p><div class="feedflare">
<a href="http://feeds.circleid.com/~ff/cid_master?a=-NNPYtPpob8:9L5lvzHk2ck:yIl2AUoC8zA"><img src="http://feeds.feedburner.com/~ff/cid_master?d=yIl2AUoC8zA" border="0"></img></a> <a href="http://feeds.circleid.com/~ff/cid_master?a=-NNPYtPpob8:9L5lvzHk2ck:F7zBnMyn0Lo"><img src="http://feeds.feedburner.com/~ff/cid_master?i=-NNPYtPpob8:9L5lvzHk2ck:F7zBnMyn0Lo" border="0"></img></a> <a href="http://feeds.circleid.com/~ff/cid_master?a=-NNPYtPpob8:9L5lvzHk2ck:V_sGLiPBpWU"><img src="http://feeds.feedburner.com/~ff/cid_master?i=-NNPYtPpob8:9L5lvzHk2ck:V_sGLiPBpWU" border="0"></img></a> <a href="http://feeds.circleid.com/~ff/cid_master?a=-NNPYtPpob8:9L5lvzHk2ck:qj6IDK7rITs"><img src="http://feeds.feedburner.com/~ff/cid_master?d=qj6IDK7rITs" border="0"></img></a> <a href="http://feeds.circleid.com/~ff/cid_master?a=-NNPYtPpob8:9L5lvzHk2ck:gIN9vFwOqvQ"><img src="http://feeds.feedburner.com/~ff/cid_master?i=-NNPYtPpob8:9L5lvzHk2ck:gIN9vFwOqvQ" border="0"></img></a> <a href="http://feeds.circleid.com/~ff/cid_master?a=-NNPYtPpob8:9L5lvzHk2ck:I9og5sOYxJI"><img src="http://feeds.feedburner.com/~ff/cid_master?d=I9og5sOYxJI" border="0"></img></a>
</div>The Impact of Satellite Broadbandtag:circleid.com,2019:blogs/1.119152019-05-24T12:32:00-08:00Doug Dawson<p><a href="http://www.circleid.com/images/uploads/11915.jpg"><img src="http://www.circleid.com/images/uploads/11915.jpg" border="0" style="float:right;padding:0 0 10px 15px;width:300px;" /></a>Recently I've had several people ask me about the expected impact of low-orbit satellite broadband. While significant competition from satellites is probably a number of years away, there are several major initiatives like StarLink (Elon Musk), Project Kuiper (Amazon), and OneWeb that have announced plans to launch swarms of satellites to provide broadband.
</p>
<p>
At this early stage, it's nearly impossible to know what impact these companies might have. We don't know anything about their download and speed capacity, their pricing strategy, or their targeted market, so it's impossible to begin to predict their impact. We don't even know how long it's going to take to get these satellites in space since these three companies alone have plans to launch over 10,000 new satellites &#8212; a tall task when compared to the 1,100 satellites currently active in space.
</p>
<p>
Even without knowing any of these key facts, <a href="https://broadbandnow.com/">BroadbandNow</a> recently grabbed headlines around the industry by predicting that low-orbit satellites will bring an annual savings of $30 billion for US broadband customers. Being a numbers guy, I never let this kind of headline pass without doing some quick math.
</p>
<p>
They explain their method of calculation on their <a href="https://broadbandnow.com/research/leo-satellite-internet-consumer-savings-study?mc_cid=24b0ba6ff9&amp;mc_eid=c0235d9575">web site</a>. They are making several major assumptions about the satellite industry. First, they assume the satellite providers will compete on price and will compete in every market in the country. Since the vast majority of American live in metro areas, BroadbandNow is assuming the satellite providers will become a major competitor in every city. They also assume that the satellites will be able to connect to a huge number of customers in the US, which will force other ISPs to lower prices.
</p>
<p>
Those assumptions would have to be true to support the $30 billion in projected annual consumer savings. That is an extraordinary number and works out to be a savings of almost $20 per month for every household in the US. If you spread the $30 billion over only those households that buy broadband today, that would be a savings of over $23 per month. If your further factor out the folks who live in large apartments and don't get a choice of their ISP, the savings jumps to $27 per household per month. The only way to realize savings of that magnitude would be from a no-holds-barred broadband price war where the satellite providers are chewing into market penetrations everywhere.
</p>
<p>
I foresee a different future for the satellite industry. Let's start with a few facts we know. While 10,000 satellites is an impressive number, that's a worldwide number and there will be fewer than 1,000 satellites over the US. Most of the satellites are tiny &#8212; these are not the same as the huge satellites launched by HughesNet. Starlink has described their satellites as varying in size between a football and a small dorm refrigerator. At those small sizes, these satellites are probably the electronic equivalent of the OLT cabinets used as neighborhood nodes in an FTTH network &#8212; each satellite will likely support some limited and defined number of customers. OneWeb recently told the FCC in a spectrum docket that they are envisioning needing one million radio links, meaning their US satellites would be able to serve one million households. Let's say that all of the satellite providers together will serve 3 &#8212; 5 million homes in the US &#8212; that's an impressive number, but it's not going to drive other ISPs into a pricing panic.
</p>
<p>
I also guess that the satellite providers will not offer cheap prices &#8212; they don't need to. In fact, I expect them to charge more than urban ISPs. The satellite providers will have one huge market advantage &#8212; the ability to bring broadband where there isn't landline competition. The satellite providers can likely use all of their capacity selling only in rural America at a premium price.
</p>
<p>
We still have no real idea about the speeds that will be available with low-orbit satellite broadband. We can ignore Elon Musk who claims he'll be offering gigabit speeds. The engineering specs show that a satellite can probably make a gigabit connection, but each satellite is an ISP hub and will have a limited bandwidth capacity. Like with any ISP network, the operator can use that capacity to make a few connections at a high bandwidth speed or many more connections at slower speeds. Engineering common sense would predict against using the limited satellite bandwidth to sell gigabit residential products.
</p>
<p>
That doesn't mean the satellite providers won't be lured by big bandwidth customers. They might make more money selling gigabit links at a premium price to small cell sites and ignoring the residential market completely. It's a much easier business plan, with drastically lower operating costs to sell their capacity to a handful of big cellular companies instead of selling to millions of households. That is going to be a really tempting market alternative.
</p>
<p>
I could be wrong, and maybe the satellite guys will find a way to sell many tens of millions of residential links and compete in every market, in which case they would have an impact on urban broadband prices. But unless the satellites have the capacity to sell to almost everybody, and unless they decide to compete on price, I still can't see a way ever to see a $30 billion national savings. I instead see them making good margins by selling where there's no competition.
</p><p><em>Written by <a href="http://www.circleid.com/members/8383/">Doug Dawson</a>, President at CCG Consulting</em></p><p><strong>Follow CircleID on <a href="http://twitter.com/circleid">Twitter</a></strong></p><p><strong>More under:</strong> <a href="http://www.circleid.com/topics/access_providers">Access Providers</a>, <a href="http://www.circleid.com/topics/broadband">Broadband</a>, <a href="http://www.circleid.com/topics/wireless">Wireless</a></p><div class="feedflare">
<a href="http://feeds.circleid.com/~ff/cid_master?a=GxEsVnj74Pg:WRgENJV90N8:yIl2AUoC8zA"><img src="http://feeds.feedburner.com/~ff/cid_master?d=yIl2AUoC8zA" border="0"></img></a> <a href="http://feeds.circleid.com/~ff/cid_master?a=GxEsVnj74Pg:WRgENJV90N8:F7zBnMyn0Lo"><img src="http://feeds.feedburner.com/~ff/cid_master?i=GxEsVnj74Pg:WRgENJV90N8:F7zBnMyn0Lo" border="0"></img></a> <a href="http://feeds.circleid.com/~ff/cid_master?a=GxEsVnj74Pg:WRgENJV90N8:V_sGLiPBpWU"><img src="http://feeds.feedburner.com/~ff/cid_master?i=GxEsVnj74Pg:WRgENJV90N8:V_sGLiPBpWU" border="0"></img></a> <a href="http://feeds.circleid.com/~ff/cid_master?a=GxEsVnj74Pg:WRgENJV90N8:qj6IDK7rITs"><img src="http://feeds.feedburner.com/~ff/cid_master?d=qj6IDK7rITs" border="0"></img></a> <a href="http://feeds.circleid.com/~ff/cid_master?a=GxEsVnj74Pg:WRgENJV90N8:gIN9vFwOqvQ"><img src="http://feeds.feedburner.com/~ff/cid_master?i=GxEsVnj74Pg:WRgENJV90N8:gIN9vFwOqvQ" border="0"></img></a> <a href="http://feeds.circleid.com/~ff/cid_master?a=GxEsVnj74Pg:WRgENJV90N8:I9og5sOYxJI"><img src="http://feeds.feedburner.com/~ff/cid_master?d=I9og5sOYxJI" border="0"></img></a>
</div>Food for Thought on the "New TLD" Business Modelstag:circleid.com,2019:blogs/1.119132019-05-24T07:28:00-08:00Loic Damilaville<p>There is always some degree of confusion in discussions about the "new TLDs". Some points of view try to be optimistic, others on the contrary only highlight the bad news, and most refer indistinctly to the "new TLDs" as if they did not break down into different segments, each of which obeys dynamics and constraints of its own.
</p>
<p>
The purpose of this post is to provide some food for thought and to shed some light on those dynamics and constraints, not only for the stakeholders in the domain name ecosystem but also for all those who might want to obtain their own TLD one day.
</p>
<p>
A second objective is to show that the key success factors for these different types of TLDs are clearly not volume-based, at least for some of them. The concept of volume only makes sense for "commercial" nTLDs, the longevity of which is based on the sale of domain names to third parties. The success of a TLD relies more on its ability to generate value for its registry and the Internet community, and this value is measured differently from segment to segment.
</p>
<p>
You will find the whole text of this post <a href="https://www.afnic.fr/en/resources/blog/food-for-thought-on-the-new-tld-business-models.html">here</a> on Afnic's website.
</p><p><em>Written by <a href="http://www.circleid.com/members/4444/">Loic Damilaville</a>, Market Research Manager at Afnic</em></p><p><strong>Follow CircleID on <a href="http://twitter.com/circleid">Twitter</a></strong></p><p><strong>More under:</strong> <a href="http://www.circleid.com/topics/domain_names">Domain Names</a>, <a href="http://www.circleid.com/topics/registry_services">Registry Services</a>, <a href="http://www.circleid.com/topics/new_tlds">New TLDs</a></p><div class="feedflare">
<a href="http://feeds.circleid.com/~ff/cid_master?a=RI0MVrJgnVc:eDKhUoQ1z4o:yIl2AUoC8zA"><img src="http://feeds.feedburner.com/~ff/cid_master?d=yIl2AUoC8zA" border="0"></img></a> <a href="http://feeds.circleid.com/~ff/cid_master?a=RI0MVrJgnVc:eDKhUoQ1z4o:F7zBnMyn0Lo"><img src="http://feeds.feedburner.com/~ff/cid_master?i=RI0MVrJgnVc:eDKhUoQ1z4o:F7zBnMyn0Lo" border="0"></img></a> <a href="http://feeds.circleid.com/~ff/cid_master?a=RI0MVrJgnVc:eDKhUoQ1z4o:V_sGLiPBpWU"><img src="http://feeds.feedburner.com/~ff/cid_master?i=RI0MVrJgnVc:eDKhUoQ1z4o:V_sGLiPBpWU" border="0"></img></a> <a href="http://feeds.circleid.com/~ff/cid_master?a=RI0MVrJgnVc:eDKhUoQ1z4o:qj6IDK7rITs"><img src="http://feeds.feedburner.com/~ff/cid_master?d=qj6IDK7rITs" border="0"></img></a> <a href="http://feeds.circleid.com/~ff/cid_master?a=RI0MVrJgnVc:eDKhUoQ1z4o:gIN9vFwOqvQ"><img src="http://feeds.feedburner.com/~ff/cid_master?i=RI0MVrJgnVc:eDKhUoQ1z4o:gIN9vFwOqvQ" border="0"></img></a> <a href="http://feeds.circleid.com/~ff/cid_master?a=RI0MVrJgnVc:eDKhUoQ1z4o:I9og5sOYxJI"><img src="http://feeds.feedburner.com/~ff/cid_master?d=I9og5sOYxJI" border="0"></img></a>
</div>UK Announces $28M Fund for Army Cyber Operations Centerstag:circleid.com,2019:news/6.119122019-05-23T15:12:00-08:00CircleID Reporter<p><strong>The UK Ministry of Defence</strong> has announced a £22m ($28 million) fund for the development of British Army cyber operations centers across the country. British Defense Secretary Penny Mordaunt made the announcement during a conference in London at the UK's National Cyber Security Centre. "It's time to pay more than lip service to cyber," said Mordaunt. "We must convince our adversaries their advances simply aren't worth the cost. Cyber enemies think they can act with impunity. We must show them they can't. That we are ready to respond at a time and place of our choosing in any domain, not just the virtual world."
</p>
<p>
&mdash; <strong>"The cyber centers will provide</strong> the Army with 24/7 information and analysis, dispel misinformation and give the UK Armed Forces and our allies the upper hand on emerging digital threats. The centers are likely to be used to support overseas operations, humanitarian missions, and efforts to protect UK digital communications on home soil." (<a href="https://www.gov.uk/government/news/cyber-innovation-at-the-forefront-of-uks-approach-to-modern-warfare">GOV. UK</a>)
</p>
<p>
&mdash; <strong>The funding is part of</strong> the UK military’s increasing work in cyber capabilities as part of the £1.9B investment into the National Cyber Security Strategy <a href="https://www.army-technology.com/uncategorised/newsuk-launches-19bn-national-cyber-security-strategy-to-prevent-cyber-attacks-5657490/">announced in November 2016</a>.
</p><p><strong>Follow CircleID on <a href="http://twitter.com/circleid">Twitter</a></strong></p><p><strong>More under:</strong> <a href="http://www.circleid.com/topics/cybersecurity">Cybersecurity</a></p><div class="feedflare">
<a href="http://feeds.circleid.com/~ff/cid_master?a=MGLUfvRVZsU:k4gR42ARg40:yIl2AUoC8zA"><img src="http://feeds.feedburner.com/~ff/cid_master?d=yIl2AUoC8zA" border="0"></img></a> <a href="http://feeds.circleid.com/~ff/cid_master?a=MGLUfvRVZsU:k4gR42ARg40:F7zBnMyn0Lo"><img src="http://feeds.feedburner.com/~ff/cid_master?i=MGLUfvRVZsU:k4gR42ARg40:F7zBnMyn0Lo" border="0"></img></a> <a href="http://feeds.circleid.com/~ff/cid_master?a=MGLUfvRVZsU:k4gR42ARg40:V_sGLiPBpWU"><img src="http://feeds.feedburner.com/~ff/cid_master?i=MGLUfvRVZsU:k4gR42ARg40:V_sGLiPBpWU" border="0"></img></a> <a href="http://feeds.circleid.com/~ff/cid_master?a=MGLUfvRVZsU:k4gR42ARg40:qj6IDK7rITs"><img src="http://feeds.feedburner.com/~ff/cid_master?d=qj6IDK7rITs" border="0"></img></a> <a href="http://feeds.circleid.com/~ff/cid_master?a=MGLUfvRVZsU:k4gR42ARg40:gIN9vFwOqvQ"><img src="http://feeds.feedburner.com/~ff/cid_master?i=MGLUfvRVZsU:k4gR42ARg40:gIN9vFwOqvQ" border="0"></img></a> <a href="http://feeds.circleid.com/~ff/cid_master?a=MGLUfvRVZsU:k4gR42ARg40:I9og5sOYxJI"><img src="http://feeds.feedburner.com/~ff/cid_master?d=I9og5sOYxJI" border="0"></img></a>
</div>Might Satellite Constellations Learn to Avoid Debris?tag:circleid.com,2019:blogs/1.119112019-05-23T14:02:00-08:00Larry Press<p><span style="font-size:85%;color:#666666;padding:0 0 2px 10px;margin:0 0 15px 10px;border-left:1px solid #ddd;width:300px;float:right;line-height:1.4em;"><a href="http://www.circleid.com/images/uploads/11911.jpg"><img src="http://www.circleid.com/images/uploads/11911.jpg" border="0" style="width:300px;display:block;margin-bottom:10px;" /></a>There were no artificial satellites before Sputnik in 1957. Today there are about 5,000 with plans for thousands more. <em>(Image: NASA)</em></span>Space debris is problematical.
</p>
<p>
The European Space Agency (ESA) <a href="https://www.esa.int/Our_Activities/Space_Safety/Space_Debris/Space_debris_by_the_numbers">reported</a> that as of January 2019 there were about 5,000 satellites in space and 1,950 of them are still functioning. Hopefully, those functioning satellites have fuel and thrusters that will enable them to de-orbit and (mostly) burn up in the atmosphere when their useful life is finished. The remaining 3,050 are slowly drifting, along with a lot of debris.
</p>
<p>
The ESA estimates that there have been over 500 break-ups, explosions, collisions, or anomalous events resulting in fragmentation and they estimate that there are 34,000 debris objects &gt;10 cm, 900,000 from 1 to 10 cm and 128 million from 1 mm to 1 cm. <a href="https://www.nasa.gov/mission_pages/station/news/orbital_debris.html">NASA says there are</a> there are more than 20,000 pieces of debris larger than a softball, 500,000 the size of a marble or larger many millions so small they can't be tracked. (<em>watch:</em> <a href="https://www.youtube.com/watch?v=JmVt92d5bd4">NASA's Animation Shows Massive Space Junk Around Earth</a>)
</p>
<p>
In low-earth orbit (LEO), <a href="https://orbitaldebris.jsc.nasa.gov/faq/">debris circles the Earth</a> at speeds of about 7 to 8 km/s. However, the average impact speed of orbital debris with another space object is approximately 10 km/s and can be up to about 15 km/s, which is more than 10 times the speed of a bullet. At those speeds, a collision with a small object can do significant damage. This sounds like a disaster waiting to happen and the current and planned proliferation of LEO satellites increases the likelihood of a <a href="https://www.wikiwand.com/en/Kessler_syndrome">Kessler Syndrome</a> event &#8212; a cascade of collisions between satellites and the ensuing debris.
</p>
<p>
As <a href="http://www.spacesafetymagazine.com/space-debris/kessler-syndrome/don-kessler-envisat-kessler-syndrome/">Kessler says</a> "The cascade process can be more accurately thought of as continuous and as already started, where each collision or explosion in orbit slowly results in an increase in the frequency of future collisions." If you are<em></em>n't worried yet, watch the following short video or read <a href="https://web.archive.org/web/20160304042750/http://webpages.charter.net/dkessler/files/Collision Frequency.pdf">Kessler's 1978 paper</a>.
</p>
<p>
<div class="videoContainer"><iframe width="560" height="315" src="https://www.youtube.com/embed/xgGm5odlIh4" frameborder="0" allowfullscreen></iframe></div>
<p>
Kessler's warning was taken seriously and NASA and others have been <a href="https://orbitaldebris.jsc.nasa.gov/mitigation/">working on debris mitigation policy and technology</a> for years, but the silver bullet has not been found. The <a href="http://www.au.af.mil/au/awc/awcgate/usspc-fs/space.htm">Space Surveillance Network</a> tracks approximately <a href="https://www.space-track.org/documentation#/faq">23,000 relatively large objects</a> and you can query the database <a href="https://www.n2yo.com/database/">here</a>, but what about the millions of objects that are too small to track?
</p>
<p>
The SpaceX <a href="https://www.spacex.com/sites/spacex/files/starlink_mission_press_kit.pdf">press release for their Starlink Mission</a> hinted at their collision-avoidance strategy, saying that:
</p>
<blockquote><p><em>Each spacecraft is equipped with a Startracker navigation system that allows SpaceX to point the satellites with precision. Importantly, Starlink satellites are capable of tracking on-orbit debris and autonomously avoiding a collision.</em></p></blockquote>
<p>
That sounds promising, but autonomously resolving and recognizing a marble-sized object that is approaching at up to 15 km/s, computing its trajectory and firing thrusters to avoid a collision can't be done &#8212; even by Elon Musk.
</p>
<p>
Relatively few debris objects can be tracked terrestrially, but a satellite might be able to recognize a piece of debris and transmit its characteristics to a terrestrial processor, greatly expanding the tracking database. SpaceX may be approaching this as a machine-learning problem in which <em>the entire constellation</em>, not individual satellites, is learning to avoid collisions.
</p>
<p>
That is pure speculation, but it was triggered by a few thoughts.
</p>
<p>
For a start, at the end of 2017, SpaceX delivered a <a href="https://www.nasa.gov/mission_pages/station/research/news/sensor_to_monitor_orbital_debris_outside_ISS">space debris sensor (SDS) </a> to the International Space Station. As shown in the following short video, the SDS is capable of monitoring the size, speed, direction, and density of small particles that impact it.
</p>
<p>
<div class="videoContainer"><iframe width="560" height="315" src="https://www.youtube.com/embed/V7YcSre8O-A" frameborder="0" allowfullscreen></iframe></div>
<p>
Elon Musk also has a strong interest in machine learning &#8212; he was a co-founder of <a href="https://openai.com/">openAI</a> and his Tesla cars act as sensors uploading driving data that is used for training autonomous vehicles.
</p>
<p>
Going out to the very end of the limb &#8212; Musk is a fan of science fiction and speculation on the possibility of a swarm of man-made objects learning about existential risks is reminiscent of emergent intelligence in Asimov's fictional planet <a href="https://www.wikiwand.com/en/Gaia_(Foundation_universe)">Gaia</a> or Teilhard de Chardin's <a href="https://www.wikiwand.com/en/Noosphere">noosphere</a>).
</p>
<p>
Musk <a href="https://cis471.blogspot.com/2016/04/the-tesla-model-3-reminds-me-of.html">opened his Tesla patents</a> and, if SpaceX demonstrates the feasibility of this approach to debris avoidance (and perhaps one-day removal), I expect that he would share this technology with competitors like <a href="https://cis471.blogspot.com/2017/08/oneweb-satellite-internet-project.html">OneWeb</a> and <a href="https://cis471.blogspot.com/2017/11/telesat-fourth-satellite-internet.html">Telesat</a> and the space agencies of <em>all</em> nations.
</p>
<p>
Like global warming, space debris is an example of a <a href="https://www.wikiwand.com/en/Tragedy_of_the_commons">tragedy of the commons</a> and is a threat to all nations. As the cartoon character Pogo said, "We have met the enemy and he is us." Ironically, global tragedies of commons can unite us.
</p><p><em>Written by <a href="http://www.circleid.com/members/7705/">Larry Press</a>, Professor of Information Systems at California State University</em></p><p><strong>Follow CircleID on <a href="http://twitter.com/circleid">Twitter</a></strong></p><p><strong>More under:</strong> <a href="http://www.circleid.com/topics/access_providers">Access Providers</a>, <a href="http://www.circleid.com/topics/broadband">Broadband</a>, <a href="http://www.circleid.com/topics/wireless">Wireless</a></p><div class="feedflare">
<a href="http://feeds.circleid.com/~ff/cid_master?a=iGReH9-DGUk:ezJgQtzPmvA:yIl2AUoC8zA"><img src="http://feeds.feedburner.com/~ff/cid_master?d=yIl2AUoC8zA" border="0"></img></a> <a href="http://feeds.circleid.com/~ff/cid_master?a=iGReH9-DGUk:ezJgQtzPmvA:F7zBnMyn0Lo"><img src="http://feeds.feedburner.com/~ff/cid_master?i=iGReH9-DGUk:ezJgQtzPmvA:F7zBnMyn0Lo" border="0"></img></a> <a href="http://feeds.circleid.com/~ff/cid_master?a=iGReH9-DGUk:ezJgQtzPmvA:V_sGLiPBpWU"><img src="http://feeds.feedburner.com/~ff/cid_master?i=iGReH9-DGUk:ezJgQtzPmvA:V_sGLiPBpWU" border="0"></img></a> <a href="http://feeds.circleid.com/~ff/cid_master?a=iGReH9-DGUk:ezJgQtzPmvA:qj6IDK7rITs"><img src="http://feeds.feedburner.com/~ff/cid_master?d=qj6IDK7rITs" border="0"></img></a> <a href="http://feeds.circleid.com/~ff/cid_master?a=iGReH9-DGUk:ezJgQtzPmvA:gIN9vFwOqvQ"><img src="http://feeds.feedburner.com/~ff/cid_master?i=iGReH9-DGUk:ezJgQtzPmvA:gIN9vFwOqvQ" border="0"></img></a> <a href="http://feeds.circleid.com/~ff/cid_master?a=iGReH9-DGUk:ezJgQtzPmvA:I9og5sOYxJI"><img src="http://feeds.feedburner.com/~ff/cid_master?d=I9og5sOYxJI" border="0"></img></a>
</div>Baltimore Gets Hacked: Main Computer Systems Crippled, Experts Estimate Months to Recovertag:circleid.com,2019:news/6.119082019-05-22T19:33:00-08:00CircleID Reporter<p><span style="font-size:85%;line-height:1.4em;color:#666666;margin:0 0 5px 0;display:block;"><a href="http://www.circleid.com/images/uploads/11908.jpg"><img src="http://www.circleid.com/images/uploads/11908.jpg" border="0" style="display:block;width:100%;height: auto;margin-bottom:10px;" /></a>Director of the Mayor's Office of Information Technology, Frank Johnson, gives an update on the ransomware attack that took control of the city's computer system the day prior.</span>
</p>
<p>
<strong>On May 7, hackers breached</strong> parts of the computer systems that run Baltimore's government, taking down essential systems such as voice mail, email, a parking fines database, payment systems used for water bills, property taxes, real estate transactions and vehicle citations. The ransom demanded by hackers is about $100,000 worth of bitcoin. As of today, over two weeks from the breach, Baltimore City Mayor Jack Young said the city won't pay. Experts estimate months for the city to recover. The authorities have identified the malware behind the attack as "RobbinHood," a relatively new ransomware variant, according to a <a href="https://www.baltimoresun.com/news/maryland/politics/bs-md-ci-it-outage-20190507-story.html">May 7 report</a> from The Baltimore Sun. There have been more than 20 cyberattacks against municipalities in 2019 alone, according to <a href="https://www.npr.org/2019/05/21/725118702/ransomware-cyberattacks-on-baltimore-put-city-services-offline">NPR</a>.
</p><p><strong>Follow CircleID on <a href="http://twitter.com/circleid">Twitter</a></strong></p><p><strong>More under:</strong> <a href="http://www.circleid.com/topics/cyberattack">Cyberattack</a>, <a href="http://www.circleid.com/topics/cybercrime">Cybercrime</a>, <a href="http://www.circleid.com/topics/cybersecurity">Cybersecurity</a>, <a href="http://www.circleid.com/topics/malware">Malware</a></p><div class="feedflare">
<a href="http://feeds.circleid.com/~ff/cid_master?a=X3iSFwPItr4:CgsW9ozsK9I:yIl2AUoC8zA"><img src="http://feeds.feedburner.com/~ff/cid_master?d=yIl2AUoC8zA" border="0"></img></a> <a href="http://feeds.circleid.com/~ff/cid_master?a=X3iSFwPItr4:CgsW9ozsK9I:F7zBnMyn0Lo"><img src="http://feeds.feedburner.com/~ff/cid_master?i=X3iSFwPItr4:CgsW9ozsK9I:F7zBnMyn0Lo" border="0"></img></a> <a href="http://feeds.circleid.com/~ff/cid_master?a=X3iSFwPItr4:CgsW9ozsK9I:V_sGLiPBpWU"><img src="http://feeds.feedburner.com/~ff/cid_master?i=X3iSFwPItr4:CgsW9ozsK9I:V_sGLiPBpWU" border="0"></img></a> <a href="http://feeds.circleid.com/~ff/cid_master?a=X3iSFwPItr4:CgsW9ozsK9I:qj6IDK7rITs"><img src="http://feeds.feedburner.com/~ff/cid_master?d=qj6IDK7rITs" border="0"></img></a> <a href="http://feeds.circleid.com/~ff/cid_master?a=X3iSFwPItr4:CgsW9ozsK9I:gIN9vFwOqvQ"><img src="http://feeds.feedburner.com/~ff/cid_master?i=X3iSFwPItr4:CgsW9ozsK9I:gIN9vFwOqvQ" border="0"></img></a> <a href="http://feeds.circleid.com/~ff/cid_master?a=X3iSFwPItr4:CgsW9ozsK9I:I9og5sOYxJI"><img src="http://feeds.feedburner.com/~ff/cid_master?d=I9og5sOYxJI" border="0"></img></a>
</div>US Huawei Ban Threatens Internet Access in Rural Areas, Some Providers May Foldtag:circleid.com,2019:news/6.119072019-05-22T16:51:00-08:00CircleID Reporter<p><a href="http://www.circleid.com/images/uploads/11907.jpg"><img src="http://www.circleid.com/images/uploads/11907.jpg" border="0" style="width:100%;height: auto;display:block;margin:0 0 10px 0;" /></a>
</p>
<p>
<strong>Much of rural America</strong> with very low population density, depends on small wireless carriers for their internet access as AT&amp;T, T-Mobile and other large providers have no interest in providing services. Many of these small carries can't afford equipment from suppliers such as Ericsson and Nokia Corporation and have to rely on cheaper suppliers from Huawei Technologies Co. and other Chinese companies. The upcoming ban on U.S. telecommunications networks acquiring or using equipment from Chinese suppliers under a cloud of uncertainty, with some fearing bankruptcy. Rural broadband carriers could be forced to rip out and replace entire networks because they wouldn't be able to import spare parts or software updates to maintain infrastructure, Roger Entner, a telecom analyst at Recon Analytics <a href="https://www.latimes.com/la-fi-tn-rural-broadband-trump-huawei-sanctions-20190522-story.html">told LA Times</a>. More from LA Times:
</p>
<p>
&mdash; <strong>Replacing the network</strong> would cost $5 million to $10 million according to the President of Pine Belt Communications, a small telecommunications company in Alabama. "And downtime from installing new equipment would probably cause Pine Belt to forgo $1 million to $3 million in roaming fees, according to Federal Communications Commission filings."
</p>
<p>
&mdash; <strong>By one estimation:</strong> Carri Bennet, general counsel for the Rural Wireless Association, a trade group for carriers with fewer than 100,000 subscribers estimates 25% of the association's members used Huawei or ZTE gear in their networks.
</p><p><strong>Follow CircleID on <a href="http://twitter.com/circleid">Twitter</a></strong></p><p><strong>More under:</strong> </p><div class="feedflare">
<a href="http://feeds.circleid.com/~ff/cid_master?a=4yS6vQZYMh4:r38S9f5QB7s:yIl2AUoC8zA"><img src="http://feeds.feedburner.com/~ff/cid_master?d=yIl2AUoC8zA" border="0"></img></a> <a href="http://feeds.circleid.com/~ff/cid_master?a=4yS6vQZYMh4:r38S9f5QB7s:F7zBnMyn0Lo"><img src="http://feeds.feedburner.com/~ff/cid_master?i=4yS6vQZYMh4:r38S9f5QB7s:F7zBnMyn0Lo" border="0"></img></a> <a href="http://feeds.circleid.com/~ff/cid_master?a=4yS6vQZYMh4:r38S9f5QB7s:V_sGLiPBpWU"><img src="http://feeds.feedburner.com/~ff/cid_master?i=4yS6vQZYMh4:r38S9f5QB7s:V_sGLiPBpWU" border="0"></img></a> <a href="http://feeds.circleid.com/~ff/cid_master?a=4yS6vQZYMh4:r38S9f5QB7s:qj6IDK7rITs"><img src="http://feeds.feedburner.com/~ff/cid_master?d=qj6IDK7rITs" border="0"></img></a> <a href="http://feeds.circleid.com/~ff/cid_master?a=4yS6vQZYMh4:r38S9f5QB7s:gIN9vFwOqvQ"><img src="http://feeds.feedburner.com/~ff/cid_master?i=4yS6vQZYMh4:r38S9f5QB7s:gIN9vFwOqvQ" border="0"></img></a> <a href="http://feeds.circleid.com/~ff/cid_master?a=4yS6vQZYMh4:r38S9f5QB7s:I9og5sOYxJI"><img src="http://feeds.feedburner.com/~ff/cid_master?d=I9og5sOYxJI" border="0"></img></a>
</div>DDoS Storm Is Coming, Warn Researchers Noting an 84% Surge in the First Quarter of 2019tag:circleid.com,2019:news/6.119062019-05-22T13:21:00-08:00Carlos Morales<p><span style="font-size:85%;line-height:1.4em;color:#666666;margin:15px 0;display:block;"><a href="http://www.circleid.com/images/uploads/11906.png"><img src="http://www.circleid.com/images/uploads/11906.png" border="0" style="display:block;width:100%;height: auto;margin-bottom:10px;" /></a>Dynamics of the number of DDoS attacks in Q1 2019 (<em>Source: Kaspersky Lab</em>)</span>
</p>
<p>
<strong>The number of DDoS attacks</strong> during the first three months of 2019 increased by 84%, compared with the previous quarter. The most noticeable area of DDoS attack growth observed was in the number of DDoS attacks that lasted for more than an hour, according to a new <a href="https://securelist.com/ddos-report-q1-2019/90792/">report</a> issued by Kaspersky Lab. "These incidents doubled in quantity, and their average length increased by 487%." The geographical distribution of targets closely mirror the geographical distribution of attacks: the Top 3 were again China (59.85%), the US (21.28%), and Hong Kong (4.21%).
</p>
<p>
&mdash; <strong>One theory behind the sudden surge:</strong> "Over the last six months of the previous year, we have been observing less the redistribution of botnet capacity for other purposes and more the emergence of a market vacuum. Most likely, the supply deficit was linked to the clamping down on DDoS attacks, the closure of sites selling related services, and the arrest of some major players over the past year. Now it seems the vacuum is being filled: such explosive growth in the indicators is almost certainly due to the appearance of new suppliers and clients of DDoS services."
</p>
<p>
&mdash; <strong>Most dangerous day of the week:</strong> "Saturday was the most intensive day (accounting for 16.65% of attacks), with Friday in second place (15.39%). Sundays saw a relative lull &#8212; just 11.41% of attacks. Recall that in late 2018 Thursday had the largest share of DDoS attacks (15.74%), with Sunday again the most peaceful."
</p><p><strong>Follow CircleID on <a href="http://twitter.com/circleid">Twitter</a></strong></p><p><strong>More under:</strong> <a href="http://www.circleid.com/topics/cyberattack">Cyberattack</a>, <a href="http://www.circleid.com/topics/cybersecurity">Cybersecurity</a>, <a href="http://www.circleid.com/topics/ddos">DDoS</a></p><div class="feedflare">
<a href="http://feeds.circleid.com/~ff/cid_master?a=KBtFqrBXNzk:Iredddznhuc:yIl2AUoC8zA"><img src="http://feeds.feedburner.com/~ff/cid_master?d=yIl2AUoC8zA" border="0"></img></a> <a href="http://feeds.circleid.com/~ff/cid_master?a=KBtFqrBXNzk:Iredddznhuc:F7zBnMyn0Lo"><img src="http://feeds.feedburner.com/~ff/cid_master?i=KBtFqrBXNzk:Iredddznhuc:F7zBnMyn0Lo" border="0"></img></a> <a href="http://feeds.circleid.com/~ff/cid_master?a=KBtFqrBXNzk:Iredddznhuc:V_sGLiPBpWU"><img src="http://feeds.feedburner.com/~ff/cid_master?i=KBtFqrBXNzk:Iredddznhuc:V_sGLiPBpWU" border="0"></img></a> <a href="http://feeds.circleid.com/~ff/cid_master?a=KBtFqrBXNzk:Iredddznhuc:qj6IDK7rITs"><img src="http://feeds.feedburner.com/~ff/cid_master?d=qj6IDK7rITs" border="0"></img></a> <a href="http://feeds.circleid.com/~ff/cid_master?a=KBtFqrBXNzk:Iredddznhuc:gIN9vFwOqvQ"><img src="http://feeds.feedburner.com/~ff/cid_master?i=KBtFqrBXNzk:Iredddznhuc:gIN9vFwOqvQ" border="0"></img></a> <a href="http://feeds.circleid.com/~ff/cid_master?a=KBtFqrBXNzk:Iredddznhuc:I9og5sOYxJI"><img src="http://feeds.feedburner.com/~ff/cid_master?d=I9og5sOYxJI" border="0"></img></a>
</div>Qualcomm’s Licensing Practices Are Illegal, U.S. Judge Rulestag:circleid.com,2019:news/6.119052019-05-22T11:38:00-08:00CircleID Reporter<p><strong>A U.S. district court judge rules</strong> that <a href="https://www.cnn.com/2019/05/22/tech/qualcomm-antitrust/index.html">Qualcomm violated anti-trust laws</a> and has ordered the chip maker to change some of its licensing and negotiation practices. The case brought to court in 2017 by the US Federal Trade Commission, accuses Qualcomm of illegally suppressing competition in the market for smartphone chips by threatening to cut off supplies and extracting excessive licensing fees. "Qualcomm's licensing practices have strangled competition," for years said U.S. District Judge Lucy Koh in San Jose, California who issued the decision late Tuesday night. Qualcomm told reporters it will appeal the decision and seek a stay to stop it from taking effect. "We strongly disagree with the judge's conclusions, her interpretation of the facts and her application of the law," said Don Rosenberg, Qualcomm general counsel.
</p><p><strong>Follow CircleID on <a href="http://twitter.com/circleid">Twitter</a></strong></p><p><strong>More under:</strong> <a href="http://www.circleid.com/topics/law">Law</a>, <a href="http://www.circleid.com/topics/mobile_internet">Mobile Internet</a>, <a href="http://www.circleid.com/topics/wireless">Wireless</a></p><div class="feedflare">
<a href="http://feeds.circleid.com/~ff/cid_master?a=whfI27qvbRI:EgdZSY55ijM:yIl2AUoC8zA"><img src="http://feeds.feedburner.com/~ff/cid_master?d=yIl2AUoC8zA" border="0"></img></a> <a href="http://feeds.circleid.com/~ff/cid_master?a=whfI27qvbRI:EgdZSY55ijM:F7zBnMyn0Lo"><img src="http://feeds.feedburner.com/~ff/cid_master?i=whfI27qvbRI:EgdZSY55ijM:F7zBnMyn0Lo" border="0"></img></a> <a href="http://feeds.circleid.com/~ff/cid_master?a=whfI27qvbRI:EgdZSY55ijM:V_sGLiPBpWU"><img src="http://feeds.feedburner.com/~ff/cid_master?i=whfI27qvbRI:EgdZSY55ijM:V_sGLiPBpWU" border="0"></img></a> <a href="http://feeds.circleid.com/~ff/cid_master?a=whfI27qvbRI:EgdZSY55ijM:qj6IDK7rITs"><img src="http://feeds.feedburner.com/~ff/cid_master?d=qj6IDK7rITs" border="0"></img></a> <a href="http://feeds.circleid.com/~ff/cid_master?a=whfI27qvbRI:EgdZSY55ijM:gIN9vFwOqvQ"><img src="http://feeds.feedburner.com/~ff/cid_master?i=whfI27qvbRI:EgdZSY55ijM:gIN9vFwOqvQ" border="0"></img></a> <a href="http://feeds.circleid.com/~ff/cid_master?a=whfI27qvbRI:EgdZSY55ijM:I9og5sOYxJI"><img src="http://feeds.feedburner.com/~ff/cid_master?d=I9og5sOYxJI" border="0"></img></a>
</div>Back to the Future Part IV: The Price-Fixing Paradox of the DNStag:circleid.com,2019:blogs/1.119022019-05-22T07:22:00-08:00Greg Thomas<p><strong>Today's TechLash should focus on causes rather than effects.</strong>
</p>
<p>
GenX-ers may remember spending a summer afternoon at the movie theater and seeing the somewhat corny but beloved antics of Marty McFly and Doc as they used a souped-up Delorean to travel the space-time continuum. In Back to the Future Part II, Doc and Marty travel into the future, where the bullying, boorish Biff causes a time-travel paradox when he steals the Delorean and takes a joyride into the past to give his younger self a sports almanac containing the final scores of decades worth of sporting events.
</p>
<p>
When Marty and Doc return to their present time, the younger Biff has used the almanac to amass a fortune from sports betting and, in this altered reality, he's rich and powerful, runs the town with an iron fist and has married Marty's mom after McFly peré died under suspicious circumstances. Basically, it's a circa-1989 Hollywood vision of dystopia that results when the space-time continuum is warped by interference &#8212; and what results is something that looks suspiciously similar to the Las Vegas Strip.
</p>
<p>
This warped reality that Marty and Doc arrive in when they come back from the future is not unlike where we find ourselves today with regards to Silicon Valley's Tech Titans, who have developed into absurdly wealthy behemoths that have sparked a backlash with boorish, if not outright bullying, behavior. They have managed to get a stranglehold on the global economy and their core product decisions now determine the extent that humanity enjoys fundamental rights such as privacy. For many, their experience of being "on the Internet" is through these companies' products.
</p>
<p>
However, this scenario was not inevitable &#8212; it is a consequence of a decision made just a few years after Back to the Future Part II was on the silver screen.
</p>
<p>
During the 1990s, the Clinton Administration was busily engaged with building an information superhighway. Part of this effort was the privatization of the addressing system of the Internet and the outsourcing of the Domain Name System's first domain name registries &#8212; .com, .net, .org, .gov, .mil, and .edu.
</p>
<p>
At some point, the U.S. Government decided domain name registries would offer domain names for annual registration with uniform and non-discriminatory pricing. Interestingly, neither the National Telecommunications and Information Administration or the National Science Foundation (which had jurisdiction over the DNS prior to it being handed to NTIA) have been able, or willing, to produce the original Cooperative Agreement between Network Solutions and the NSF, making any assessment of the decisions taken during this time period incomplete. But, it is plausible that the U.S. Government desired budget predictability for .gov domain name registrations due to annual Congressional appropriations and &#8212; for purposes of contract simplicity &#8212; this approach was replicated across all of the initial registries.
</p>
<p>
Whatever the motive, this approach would prove to be fateful. Substituting convenience for common sense, the government strayed from free-market principles and enshrined a price-fixing scheme into the root zone of the Internet that disconnected the price of acquiring and maintaining a domain name from the actual costs of resolving DNS queries associated with that domain name. Instead, every registrant of a domain name paid the same registration price regardless of the volume of resolutions that were performed for a specific domain name. In practice, this meant &#8212; and means &#8212; that the annual wholesale registration price for google.com is the same as a parked domain.
</p>
<p>
This had a few practical effects.
</p>
<p>
First, it insulated high-volume, web-based businesses from the actual costs of acquiring their customers since companies like Google, Facebook, Amazon, and others weren't paying an annual registration fee that accounted for the resolution services that were being used by these wildly popular domain names that were generating millions and billions of DNS queries a day as people typed google.com into their browser bar. A parallel that might be illustrative is to consider this like a retailer being excused from having to pay rent, electric and other costs associated with maintaining a brick-and-mortar storefront, and, instead, must pay only for an annual magazine subscription to Sports Illustrated for the lobby in order to enjoy the full use of the leased space and have it available for massive numbers of customers to visit.
</p>
<p>
These platforms avoided the actual costs associated with customer acquisition because they benefitted from a DNS that is subsidized by the total volume of domain names. Some readers may be scratching their heads and thinking that this disconnect between cost and resource usage is unideal, but it resulted in a massive explosion of technological innovation, wealth creation and human progress, not to mention that even if they had been on the hook for the true costs of their resolutions services, it wouldn't have been material enough to slay the Tech Titans &#8212; so what's the big deal?
</p>
<p>
Well, Google and the Tech Titans weren't gestating in a vacuum. This uniform, predictable, non-volatile pricing model was attractive to another segment of the population who began registering large volumes of domain names for speculative purposes. In the wildcatting early days, it was a land rush and not every speculator had scruples. The less scrupulous domainers, as domain investors came to be known, snapped up domain names similar or identical to trademarks, company names, slogans, service marks, and all manners of intellectual property and then ever-so-helpfully offered them for sale to the individuals or companies which held the rights to the intellectual property &#8212; at an extortionate premium.
</p>
<p>
Thus the world was introduced to a new take on an old crime &#8212; cybersquatting &#8212; and corporations and individuals began proactively acquiring huge volumes of domain names &#8212; what is called defensive registration &#8212; in the hopes of securing their intellectual property and protecting their brand identity without having to engage in costly enforcement actions that were, oftentimes and especially during the infancy and pre-teen years of the privatized Internet, of questionable efficacy.
</p>
<p>
Not all domain investors acted in bad faith, however, and many had accrued substantial portfolios of domain names, particularly in .com, and were realizing that maximizing the return on their investment in good faith &#8212; i.e. refraining from extorting exorbitant sums by selling companies their own intellectual property back to them &#8212; would require a strategic approach to managing their portfolios of long-term domain name investments.
</p>
<p>
The initial focus on "hunting" in cyberspace made way for "gathering" or monetizing domain name portfolios, primarily through (initially) lucrative pay-per-click advertising. PPC ads would generate more wealth than most people ever imagined &#8212; for both the domain name investors who monetized their portfolios, but especially for companies that controlled the market for online advertising. With hindsight, which is always 20/20, it's easy to see that, inevitably, this would metastasize into exactly what it did &#8212; a corrupt, self-perpetuating system.
</p>
<p>
Remember what pay-per-click ads were like in the late 1990s and early 2000s? They were those chintzy little text-only ads that were plastered on a website and usually indicated that whoever was driving the mouse had taken the wrong exit ramp off the information superhighway. They were especially prevalent on websites with domain names that were remarkably similar to that of the intended destination website, but nothing ever looked quite right, the content was a little garish, two-sizes-too-big, and practically leaped off of the page while imploring you to CLICK HERE!
</p>
<p>
A lot of people CLICKED.
</p>
<p>
Efforts to diversify &#8212; with censorious software, autonomous vehicles, broadband-bearing balloons, and probably a prototype or two of the T-9000 &#8212; remain, effectively, a sideshow to the main act and Google still makes a massive amount of money off of those ads every year.
<br />
But, suppose that, instead, domain name registrations had been based on actual resolution network traffic in the DNS &#8212; so that annual registration prices were calculated to reflect actual queries made as people sought, or were driven to, websites by clicking or typing a domain name into the browser's address bar. Not just the Tech Titans would have developed under a vastly different set of economics:
</p>
<p>
Is it all that difficult to imagine that domain investors might not have found it so economically rational to pursue PPC revenues across large portfolios of domain names if, instead of a regulated uniform annual registration price they were faced with pricing that varied by domain name and was based upon usage of DNS resolution services &#8212; i.e. the number of times that a domain name must be looked up by the network to ascertain the corresponding machine-readable numerical IP address?
</p>
<p>
If there wasn't a pool of domain investors motivated to monetize long-term assets for Google to tap into, might it have decided on a different direction for revenue generation that didn't rely so heavily on developing and driving users towards freeware "honeypots" in order to shear the herd's personal information to be packaged in ever-increasingly complex, clever and invasive fleeces to be sold to the highest bidder?
</p>
<p>
If you're old enough to remember the 1990's and early 2000s, think back to the early days when the Tech Titan was Big Blue owning the mainframe or Microsoft &#8212; the Evil Empire &#8212; sparking outrage and protests because a .doc wouldn't open up in Lotus or WordPerfect.
<br />
Remember Back to the Future 2, and our heroes Marty McFly and Doc who returned home to a vastly different reality because one bully pwned the sports book with a literal cheat sheet.
</p>
<p>
Is it really that difficult to consider that our dystopia today stems partly from the adoption of a false economic model where price bears no material relation to actual cost and which &#8212; by generating wealth at the expense of value &#8212; encouraged all sorts of undesirable downstream behavior?
</p>
<p>
Anybody got a Delorean?
</p><p><em>Written by <a href="http://www.circleid.com/members/7851/">Greg Thomas</a>, Managing Director of The Viking Group LLC</em></p><p><strong>Follow CircleID on <a href="http://twitter.com/circleid">Twitter</a></strong></p><p><strong>More under:</strong> <a href="http://www.circleid.com/topics/domain_management">Domain Management</a>, <a href="http://www.circleid.com/topics/dns">DNS</a>, <a href="http://www.circleid.com/topics/domain_names">Domain Names</a>, <a href="http://www.circleid.com/topics/intellectual_property">Intellectual Property</a>, <a href="http://www.circleid.com/topics/internet_governance">Internet Governance</a>, <a href="http://www.circleid.com/topics/policy_regulation">Policy & Regulation</a>, <a href="http://www.circleid.com/topics/registry_services">Registry Services</a></p><div class="feedflare">
<a href="http://feeds.circleid.com/~ff/cid_master?a=I9nfhQlS0qA:ZhmtaBNM18Q:yIl2AUoC8zA"><img src="http://feeds.feedburner.com/~ff/cid_master?d=yIl2AUoC8zA" border="0"></img></a> <a href="http://feeds.circleid.com/~ff/cid_master?a=I9nfhQlS0qA:ZhmtaBNM18Q:F7zBnMyn0Lo"><img src="http://feeds.feedburner.com/~ff/cid_master?i=I9nfhQlS0qA:ZhmtaBNM18Q:F7zBnMyn0Lo" border="0"></img></a> <a href="http://feeds.circleid.com/~ff/cid_master?a=I9nfhQlS0qA:ZhmtaBNM18Q:V_sGLiPBpWU"><img src="http://feeds.feedburner.com/~ff/cid_master?i=I9nfhQlS0qA:ZhmtaBNM18Q:V_sGLiPBpWU" border="0"></img></a> <a href="http://feeds.circleid.com/~ff/cid_master?a=I9nfhQlS0qA:ZhmtaBNM18Q:qj6IDK7rITs"><img src="http://feeds.feedburner.com/~ff/cid_master?d=qj6IDK7rITs" border="0"></img></a> <a href="http://feeds.circleid.com/~ff/cid_master?a=I9nfhQlS0qA:ZhmtaBNM18Q:gIN9vFwOqvQ"><img src="http://feeds.feedburner.com/~ff/cid_master?i=I9nfhQlS0qA:ZhmtaBNM18Q:gIN9vFwOqvQ" border="0"></img></a> <a href="http://feeds.circleid.com/~ff/cid_master?a=I9nfhQlS0qA:ZhmtaBNM18Q:I9og5sOYxJI"><img src="http://feeds.feedburner.com/~ff/cid_master?d=I9og5sOYxJI" border="0"></img></a>
</div>Microsoft Sees Serious Appetite for Revised Privacy Laws in US, Says It's Time to Match EU's GDPRtag:circleid.com,2019:news/6.119012019-05-21T10:52:00-08:00CircleID Reporter<p><a href="http://www.circleid.com/images/uploads/11901.jpg"><img src="http://www.circleid.com/images/uploads/11901.jpg" border="0" style="width:100%;height: auto;display:block;margin:0 0 10px 0;" /></a>
</p>
<p>
<strong>With the first anniversary</strong> of the European Union's General Data Protection Regulation (GDPR) approaching in just a few days, Microsoft's Corporate Vice President and Deputy General Counsel, Julie Brill says GDPR has been an important catalyst for progress in privacy protection around the world. Since GDPR began, she <a href="https://twitter.com/JulieSBrill/status/1130552816668467200">tweets</a>: "Over 18 million people have used the Microsoft privacy dashboard to control their data&#8230; including 6.7 million users from the US &#8212; the most of any country. Does this show an appetite among Americans for updated privacy laws? Yes!" In an accompanying <a href="https://blogs.microsoft.com/on-the-issues/2019/05/20/gdprs-first-anniversary-a-year-of-progress-in-privacy-protection/">post</a> on Monday she notes:
</p>
<p>
<em>"A lot has happened on the global privacy front since GDPR went into force. Overall, companies that collect and process personal information for people living in the EU have adapted, putting new systems and processes in place to ensure that individuals understand what data is collected about them and can correct it if it is inaccurate and delete it or move it somewhere else if they choose.
</p>
<p>
This has improved how companies handle their customers’ personal data. And it has inspired a global movement that has seen countries around the world adopt new privacy laws that are modeled on GDPR. Brazil, China, India, Japan, South Korea and Thailand are among the nations that have passed new laws, proposed new legislation, or are considering changes to existing laws that will bring their privacy regulations into closer alignment with GDPR.
</p>
<p>
... Now it is time for Congress to take inspiration from the rest of the world and enact federal legislation that extends the privacy protections in GDPR to citizens in the United States."</em>
</p><p><strong>Follow CircleID on <a href="http://twitter.com/circleid">Twitter</a></strong></p><p><strong>More under:</strong> <a href="http://www.circleid.com/topics/internet_governance">Internet Governance</a>, <a href="http://www.circleid.com/topics/law">Law</a>, <a href="http://www.circleid.com/topics/policy_regulation">Policy & Regulation</a>, <a href="http://www.circleid.com/topics/privacy">Privacy</a></p><div class="feedflare">
<a href="http://feeds.circleid.com/~ff/cid_master?a=Fe1_VRxR7MI:UTy-0cTIgb8:yIl2AUoC8zA"><img src="http://feeds.feedburner.com/~ff/cid_master?d=yIl2AUoC8zA" border="0"></img></a> <a href="http://feeds.circleid.com/~ff/cid_master?a=Fe1_VRxR7MI:UTy-0cTIgb8:F7zBnMyn0Lo"><img src="http://feeds.feedburner.com/~ff/cid_master?i=Fe1_VRxR7MI:UTy-0cTIgb8:F7zBnMyn0Lo" border="0"></img></a> <a href="http://feeds.circleid.com/~ff/cid_master?a=Fe1_VRxR7MI:UTy-0cTIgb8:V_sGLiPBpWU"><img src="http://feeds.feedburner.com/~ff/cid_master?i=Fe1_VRxR7MI:UTy-0cTIgb8:V_sGLiPBpWU" border="0"></img></a> <a href="http://feeds.circleid.com/~ff/cid_master?a=Fe1_VRxR7MI:UTy-0cTIgb8:qj6IDK7rITs"><img src="http://feeds.feedburner.com/~ff/cid_master?d=qj6IDK7rITs" border="0"></img></a> <a href="http://feeds.circleid.com/~ff/cid_master?a=Fe1_VRxR7MI:UTy-0cTIgb8:gIN9vFwOqvQ"><img src="http://feeds.feedburner.com/~ff/cid_master?i=Fe1_VRxR7MI:UTy-0cTIgb8:gIN9vFwOqvQ" border="0"></img></a> <a href="http://feeds.circleid.com/~ff/cid_master?a=Fe1_VRxR7MI:UTy-0cTIgb8:I9og5sOYxJI"><img src="http://feeds.feedburner.com/~ff/cid_master?d=I9og5sOYxJI" border="0"></img></a>
</div>Trump Orders Cyberattacks by US Companiestag:circleid.com,2019:blogs/1.118992019-05-21T09:42:00-08:00Anthony Rutkowski<p>It is supremely ironic. A rogue national leader with the stroke of a pen, <a href="https://www.reuters.com/article/us-huawei-tech-alphabet-exclusive/exclusive-google-suspends-some-business-with-huawei-after-trump-blacklist-source-idUSKCN1SP0NB">dictates that its companies will expose a foreign company's end users to cyberattacks</a>. This is the net effect of denying security patches or operating system updates pursuant to Trump's order. In the US Great Rogue Leader's bizarro world, this is the very behavior that he claims makes his actions necessary. In fact, this Trump malware attack is worse because of the mass exposure to exploits.
</p>
<p>
The actions here deserve strong rebuke by other nations, industry associations, and companies pursuing the 5G market. In the 5G ecosystem, <a href="http://www.circleid.com/posts/20190505_understanding_5g_a_basic_primer/">the most significant developments are software based</a>, and Trump has dealt a devastating blow to the ability of US companies to pursue those global markets. Indeed, the behavior is so patently harmful, that it may well represent a kind of retribution against Silicon Valley.
</p>
<p>
What Trump's actions are likely to induce are increased Balkanization and insulation measures worldwide against his unlawful behavior where international accords mean nothing. He is today unchecked and unrestrained by neither the US Constitutional System nor public international law. Global collaboration has been replaced by aberrant bilateral bullying, and US commitments mean nothing.
</p>
<p>
<strong>Trump's Loser Touch for 5G</strong>
</p>
<p>
Given the profound ignorance of the Trump Administration on technical matters and failure to engage in global collaborative activity, the US was unlikely to get a boost in the 5G marketplace. What was perhaps unexpected by US vendors was getting their marketplaces trashed.
</p>
<p>
The unfortunate result of this Trump behavior is that few if any nations will trust the US in the future. Most countries will demand that US companies create fully separated subsidiaries and facilities for their national markets. Countries will seek to prevent Trump software malware or denial of service attacks &#8212; where on a whim, he launches adverse cyber actions. The counter-actions include developing alternative sources of code, data centres, network resolver and discovery services and other support capabilities &#8212; that will have the long term effect of freezing US vendors out of large markets worldwide. Layered on top of the loss of the largest US VLSI component supplier markets and likely retributions in product markets, it is all part of Trump's disastrous 5G loser touch.
</p>
<p>
<em>The author is reflecting on concerns at last week's international 5G security meetings in France enhanced with additional perspective from a remote village in Provence.</em>
</p><p><em>Written by <a href="http://www.circleid.com/members/6809/">Anthony Rutkowski</a>, Principal, Netmagic Associates LLC</em></p><p><strong>Follow CircleID on <a href="http://twitter.com/circleid">Twitter</a></strong></p><p><strong>More under:</strong> <a href="http://www.circleid.com/topics/internet_governance">Internet Governance</a>, <a href="http://www.circleid.com/topics/mobile_internet">Mobile Internet</a>, <a href="http://www.circleid.com/topics/policy_regulation">Policy & Regulation</a>, <a href="http://www.circleid.com/topics/telecom">Telecom</a>, <a href="http://www.circleid.com/topics/wireless">Wireless</a></p><div class="feedflare">
<a href="http://feeds.circleid.com/~ff/cid_master?a=x7ycscLJEsE:AB3SolMoNho:yIl2AUoC8zA"><img src="http://feeds.feedburner.com/~ff/cid_master?d=yIl2AUoC8zA" border="0"></img></a> <a href="http://feeds.circleid.com/~ff/cid_master?a=x7ycscLJEsE:AB3SolMoNho:F7zBnMyn0Lo"><img src="http://feeds.feedburner.com/~ff/cid_master?i=x7ycscLJEsE:AB3SolMoNho:F7zBnMyn0Lo" border="0"></img></a> <a href="http://feeds.circleid.com/~ff/cid_master?a=x7ycscLJEsE:AB3SolMoNho:V_sGLiPBpWU"><img src="http://feeds.feedburner.com/~ff/cid_master?i=x7ycscLJEsE:AB3SolMoNho:V_sGLiPBpWU" border="0"></img></a> <a href="http://feeds.circleid.com/~ff/cid_master?a=x7ycscLJEsE:AB3SolMoNho:qj6IDK7rITs"><img src="http://feeds.feedburner.com/~ff/cid_master?d=qj6IDK7rITs" border="0"></img></a> <a href="http://feeds.circleid.com/~ff/cid_master?a=x7ycscLJEsE:AB3SolMoNho:gIN9vFwOqvQ"><img src="http://feeds.feedburner.com/~ff/cid_master?i=x7ycscLJEsE:AB3SolMoNho:gIN9vFwOqvQ" border="0"></img></a> <a href="http://feeds.circleid.com/~ff/cid_master?a=x7ycscLJEsE:AB3SolMoNho:I9og5sOYxJI"><img src="http://feeds.feedburner.com/~ff/cid_master?d=I9og5sOYxJI" border="0"></img></a>
</div>Threat Intelligence Platform in Action: Investigating Important Use Casestag:circleid.com,2019:blogs/1.119002019-05-21T07:02:00-08:00Jonathan Zhang<p>As technology gets more and more sophisticated, tech-savvy cybercriminals are having a field day devising increasingly ingenious ways to steal confidential data from ill-prepared targets.
</p>
<p>
What this means is that an equally sophisticated cybersecurity response is needed to keep attackers at bay. This would involve re-examining reactive cybersecurity practices and adopting a proactive approach towards an active search for risks and vulnerabilities with the help of threat intelligence (TI).
</p>
<p>
However, it's crucial to remember that the efficient deployment of threat intelligence tools requires a proper acknowledgment of their capabilities. And the best way to learn about them is to examine the variety of TI's use cases. We've already covered this topic in our post <a href="https://threatintelligenceplatform.com/blog/5-more-examples-of-threat-intelligence-platform-use-cases">5 More Examples of Threat Intelligence Platform Use Cases</a>. Now in this article, we're going to take a closer look at some of them.
</p>
<p>
<strong>Use Case 1: Catching Phishers</strong>
</p>
<p>
Cyber threats sometimes emerge from familiar sources. Just recently in February 2019, a Payoneer user (and probably hundreds of others) was surprised to receive emails from this digital payment service notifying him about unexpected payments in his favor and thus prompting him to log in on pages strikingly similar to payoneer.com.
</p>
<p>
Investigators can subject such messages to thorough <a href="https://threatintelligenceplatform.com/threat-intelligence-platform-investigation-1-payoneer-phishing-scam-hunted">threat intelligence analysis</a> that scrutinizes different parameters. In our case, the evidence pointed out to a phishing attack. Some important red flags discovered in the WHOIS records' and the SSL configurations' feeds of the TI report included the use of newly-registered domains with hidden owners' contact details and recently acquired SSL certificates &#8212; suggesting that the websites were created specifically for this attack.
</p>
<p>
<strong>Use Case 2: Defusing Malware</strong>
</p>
<p>
In the beginning, computer software was created to help businesses do their work faster and better. But then came the hackers who created malware and used them notably to steal sensitive data, delete confidential files, and even cause company operations to shut down. How do you stop it?
</p>
<p>
A <a href="https://threatintelligenceplatform.com/blog/6-reasons-to-put-cyber-threat-intelligence-services-to-work-for-your-company">threat intelligence platform</a> can disarm malware attacks by conducting a domain malware check which allows running a suspicious domain through multiple security databases to verify if it is considered dangerous in any of them. Target websites can also be scanned for potentially dangerous .exe or .apk files capable of running malicious code.
</p>
<p>
<strong>Use Case 3: Exposing Social Hacking</strong>
</p>
<p>
We've all heard of corporate websites being hacked, but there's a new phenomenon called social hacking where perpetrators aim to cause damage to the reputation of their targets. To achieve that, they troll social media accounts, post negative messages, or pretend to be the company's representatives to scam people.
</p>
<p>
A threat intelligence platform can prevent social hacking by analyzing data feeds from WHOIS and malware databases to help spot fake social media profiles as well as allow the deep examination of the links that hackers tempt netizens to click or download since these may contain malware and viruses.
</p>
<p>
<strong>Use Case 4: Unmasking Impostors</strong>
</p>
<p>
How many times have employees been tricked into releasing huge company funds by somebody assuming a fake identity? Many times, apparently, since damage from business-email compromise (BEC) scams <a href="https://www.ic3.gov/media/2018/180712.aspx">reached $12.5 billion last year</a>, according to the FBI. How can you put a stop to this threat that could bring your company to its knees?
</p>
<p>
A threat intelligence platform can unmask impostors by examining their domain history. Warnings can be raised, for instance, if the target being investigated has changed domain ownership multiple times in a short period of time. Another technique is to verify the validity of its SSL certificates, paying particular attention to recently-acquired certificates which are often indicative of a malicious entity preparing for an attack.
</p>
<p>
<span style="display:block;text-align:center;">* * *</span>
</p>
<p>
The threat landscape is getting increasingly dangerous, and it demands a proactive defensive response. Deploying threat intelligence makes it possible by putting the most essential cybersecurity measures at your disposal.
</p><p><em>Written by <a href="http://www.circleid.com/members/8336/">Jonathan Zhang</a>, Founder and CEO of Threat Intelligence Platform</em></p><p><strong>Follow CircleID on <a href="http://twitter.com/circleid">Twitter</a></strong></p><p><strong>More under:</strong> <a href="http://www.circleid.com/topics/cybersecurity">Cybersecurity</a></p><div class="feedflare">
<a href="http://feeds.circleid.com/~ff/cid_master?a=bBkSp6qbA1s:Fv3MRWdhybQ:yIl2AUoC8zA"><img src="http://feeds.feedburner.com/~ff/cid_master?d=yIl2AUoC8zA" border="0"></img></a> <a href="http://feeds.circleid.com/~ff/cid_master?a=bBkSp6qbA1s:Fv3MRWdhybQ:F7zBnMyn0Lo"><img src="http://feeds.feedburner.com/~ff/cid_master?i=bBkSp6qbA1s:Fv3MRWdhybQ:F7zBnMyn0Lo" border="0"></img></a> <a href="http://feeds.circleid.com/~ff/cid_master?a=bBkSp6qbA1s:Fv3MRWdhybQ:V_sGLiPBpWU"><img src="http://feeds.feedburner.com/~ff/cid_master?i=bBkSp6qbA1s:Fv3MRWdhybQ:V_sGLiPBpWU" border="0"></img></a> <a href="http://feeds.circleid.com/~ff/cid_master?a=bBkSp6qbA1s:Fv3MRWdhybQ:qj6IDK7rITs"><img src="http://feeds.feedburner.com/~ff/cid_master?d=qj6IDK7rITs" border="0"></img></a> <a href="http://feeds.circleid.com/~ff/cid_master?a=bBkSp6qbA1s:Fv3MRWdhybQ:gIN9vFwOqvQ"><img src="http://feeds.feedburner.com/~ff/cid_master?i=bBkSp6qbA1s:Fv3MRWdhybQ:gIN9vFwOqvQ" border="0"></img></a> <a href="http://feeds.circleid.com/~ff/cid_master?a=bBkSp6qbA1s:Fv3MRWdhybQ:I9og5sOYxJI"><img src="http://feeds.feedburner.com/~ff/cid_master?d=I9og5sOYxJI" border="0"></img></a>
</div>NGOs, Academics Warn Against EU’s Deep Packet Inspection Problem, at Least 186 ISPs Breaking Rulestag:circleid.com,2019:news/6.118982019-05-20T21:01:01-08:00CircleID Reporter<p><strong>European Digital Rights organization</strong> (EDRi) along with 45 NGOs, academics and companies from 15 countries sent <a href="https://edri.org/wp-content/uploads/2019/05/20190515_EDRiOpenLetterDeepPacketInspection.pdf">an open letter</a> to European policymakers and regulators on Wednesday warned against the widespread use of Deep Packet Inspection (DPI) technology by Internet service providers in the EU. Despite net neutrality regulation in effect, the EU ISPs are using DPI technology to examine the content of users' communication for traffic management and differentiated pricing of specific applications or services.
</p>
<p>
&mdash; <strong>DPI deployment in large scale:</strong> "[W]ith the proliferation of zero-rating in all but two European countries, the industry has started to deploy DPI equipment on a large scale in order to charge certain data packages differently or to throttle services and cram more internet subscribers in a network already running over capacity." (EDRi)
</p>
<p>
&mdash; <strong>Watering down the rules:</strong> "Europe's current net neutrality rules indeed ban DPI technology that examines specific user information for the purpose of treating traffic differently," says Jan Penfrat, EDRi's Senior Policy Advisor. A mapping of zero-rating offers in Europe conducted by EDRi member Epicenter.works has identified 186 telecom services potentially using of DPI technology. "Most regulators have so far turned a blind eye on these net neutrality violations. Instead of fulfilling their enforcement duties, they seem to now aim at watering down the rules that prohibit DPI."
</p><p><strong>Follow CircleID on <a href="http://twitter.com/circleid">Twitter</a></strong></p><p><strong>More under:</strong> <a href="http://www.circleid.com/topics/access_providers">Access Providers</a>, <a href="http://www.circleid.com/topics/net_neutrality">Net Neutrality</a>, <a href="http://www.circleid.com/topics/policy_regulation">Policy & Regulation</a>, <a href="http://www.circleid.com/topics/privacy">Privacy</a>, <a href="http://www.circleid.com/topics/telecom">Telecom</a></p><div class="feedflare">
<a href="http://feeds.circleid.com/~ff/cid_master?a=_KHrvBuDrQM:GWP6rpyPeow:yIl2AUoC8zA"><img src="http://feeds.feedburner.com/~ff/cid_master?d=yIl2AUoC8zA" border="0"></img></a> <a href="http://feeds.circleid.com/~ff/cid_master?a=_KHrvBuDrQM:GWP6rpyPeow:F7zBnMyn0Lo"><img src="http://feeds.feedburner.com/~ff/cid_master?i=_KHrvBuDrQM:GWP6rpyPeow:F7zBnMyn0Lo" border="0"></img></a> <a href="http://feeds.circleid.com/~ff/cid_master?a=_KHrvBuDrQM:GWP6rpyPeow:V_sGLiPBpWU"><img src="http://feeds.feedburner.com/~ff/cid_master?i=_KHrvBuDrQM:GWP6rpyPeow:V_sGLiPBpWU" border="0"></img></a> <a href="http://feeds.circleid.com/~ff/cid_master?a=_KHrvBuDrQM:GWP6rpyPeow:qj6IDK7rITs"><img src="http://feeds.feedburner.com/~ff/cid_master?d=qj6IDK7rITs" border="0"></img></a> <a href="http://feeds.circleid.com/~ff/cid_master?a=_KHrvBuDrQM:GWP6rpyPeow:gIN9vFwOqvQ"><img src="http://feeds.feedburner.com/~ff/cid_master?i=_KHrvBuDrQM:GWP6rpyPeow:gIN9vFwOqvQ" border="0"></img></a> <a href="http://feeds.circleid.com/~ff/cid_master?a=_KHrvBuDrQM:GWP6rpyPeow:I9og5sOYxJI"><img src="http://feeds.feedburner.com/~ff/cid_master?d=I9og5sOYxJI" border="0"></img></a>
</div>ICANN Says Amazon Inc's Application for .AMAZON TLD Can Proceed Following 30 Days of Public Commenttag:circleid.com,2019:news/6.118972019-05-20T20:25:01-08:00CircleID Reporter<p><a href="http://www.circleid.com/images/uploads/11897.jpg"><img src="http://www.circleid.com/images/uploads/11897.jpg" border="0" style="width:100%;height: auto;display:block;margin:0 0 10px 0;" /></a>
</p>
<p>
<strong>The giant online retailer Amazon Inc is one step away</strong> from winning the .AMAZON top-level domain name after a 7-year battle with the eight Latin American countries. The Internet Corporation for Assigned Names and Numbers (ICANN) on Monday <a href="https://www.icann.org/resources/board-material/resolutions-2019-05-15-en#1.c">concluded</a> that there is no public policy reason for the .AMAZON applications not to proceed in the New gTLD Program. It has given the application a final 30-day period of public comment before moving ahead. The conclusion was reached after the Amazon basin countries Brazil, Bolivia, Peru, Ecuador, Colombia, Venezuela, Guyana and Suriname failed to reach an agreement.
</p>
<p>
&mdash; <strong>From ICANN May 15th resolution:</strong> "the Board finds the Amazon corporation proposal of 17 April 2019 acceptable, and therefore directs the ICANN org President and CEO, or his designee(s), to continue processing of the .AMAZON applications according to the policies and procedures of the New gTLD Program. This includes the publication of the Public Interest Commitments (PICs), as proposed by the Amazon corporation, for a 30-day public comment period, as per the established procedures of the New gTLD program."
</p>
<p>
&mdash; <strong>Rights undermined:</strong> The Brazilian Foreign Ministry said it feared the ICANN decision did not sufficiently take into account the interests of the South American governments involved and undermined the rights of sovereign states.
</p><p><strong>Follow CircleID on <a href="http://twitter.com/circleid">Twitter</a></strong></p><p><strong>More under:</strong> <a href="http://www.circleid.com/topics/icann">ICANN</a>, <a href="http://www.circleid.com/topics/internet_governance">Internet Governance</a>, <a href="http://www.circleid.com/topics/new_tlds">New TLDs</a></p><div class="feedflare">
<a href="http://feeds.circleid.com/~ff/cid_master?a=NxszBrz0HZ0:MWjD_xgM5l0:yIl2AUoC8zA"><img src="http://feeds.feedburner.com/~ff/cid_master?d=yIl2AUoC8zA" border="0"></img></a> <a href="http://feeds.circleid.com/~ff/cid_master?a=NxszBrz0HZ0:MWjD_xgM5l0:F7zBnMyn0Lo"><img src="http://feeds.feedburner.com/~ff/cid_master?i=NxszBrz0HZ0:MWjD_xgM5l0:F7zBnMyn0Lo" border="0"></img></a> <a href="http://feeds.circleid.com/~ff/cid_master?a=NxszBrz0HZ0:MWjD_xgM5l0:V_sGLiPBpWU"><img src="http://feeds.feedburner.com/~ff/cid_master?i=NxszBrz0HZ0:MWjD_xgM5l0:V_sGLiPBpWU" border="0"></img></a> <a href="http://feeds.circleid.com/~ff/cid_master?a=NxszBrz0HZ0:MWjD_xgM5l0:qj6IDK7rITs"><img src="http://feeds.feedburner.com/~ff/cid_master?d=qj6IDK7rITs" border="0"></img></a> <a href="http://feeds.circleid.com/~ff/cid_master?a=NxszBrz0HZ0:MWjD_xgM5l0:gIN9vFwOqvQ"><img src="http://feeds.feedburner.com/~ff/cid_master?i=NxszBrz0HZ0:MWjD_xgM5l0:gIN9vFwOqvQ" border="0"></img></a> <a href="http://feeds.circleid.com/~ff/cid_master?a=NxszBrz0HZ0:MWjD_xgM5l0:I9og5sOYxJI"><img src="http://feeds.feedburner.com/~ff/cid_master?d=I9og5sOYxJI" border="0"></img></a>
</div>Broadband and Food Safetytag:circleid.com,2019:blogs/1.118962019-05-20T10:00:00-08:00Doug Dawson<p>I recently saw a presentation that showed how food safety is starting to rely on good rural broadband. I've already witnessed many other ways that farmers use broadband like precision farming, herd monitoring, and drone surveillance, but food safety was a new concept for me.
</p>
<p>
The presentation centered around the romaine lettuce scare of a few months ago. The food industry was unable to quickly identify the source of the contaminated produce and the result was a recall of all romaine nationwide. It turns out the problem came from one farm in California with E. Coli contamination, bur farmers everywhere paid a steep price as all romaine was yanked from store shelves and restaurants, also resulting in cancellations of upcoming orders.
</p>
<p>
Parts of the food industry have already implemented the needed solution. You might have noticed that the meat industry is usually able to identify the source of problems relatively quickly and can usually track problems back to an individual rancher or packing house. Cattle farmer are probably the most advanced at tracking the history of herd animals, but all meat producers track products to some extent.
</p>
<p>
The ideal solution to the romaine lettuce problem is to document every step of the farming process and to make that information available to retailers and eventually to consumers. In the case of romaine that might mean tracking and recording the basic facts of each crop at each farm. That would mean recording the strain of seeds used. It would mean logging the kinds of fertilizer and insecticide applied to a given field. It would mean recording the date when the romaine was picked. The packing and shipping process would then be tracked so that everything from the tracking number on the box or crate, and the dates and identity of every immediate shipper between farm to grocery store would be recorded.
</p>
<p>
Initially, this would be used to avoid the large blanket recalls like happened with romaine. Ultimately, this kind of information could be made available to consumers. We could wave our smartphone at produce and find out where it was grown, when it was picked and how long it's been sitting in the store. There are a whole lot of steps that have to happen before the industry can reach that ultimate goal.
</p>
<p>
The process needs to start with rural broadband. The farmer needs to be able to log the needed information in the field. The day may come when robots can automatically log everything about the growing process, and that will require even more intensive and powerful broadband. The farmer today needs an easy data entry system that allows data to be scanned into the cloud as they work during the growing, harvesting, and packing process.
</p>
<p>
There also needs to be some sort of federal standards so that every farmer is collecting the same data, and in a format that can be used by every grocery store and restaurant. There is certainly a big opportunity for any company that can develop the scanners and the software involved in such a system.
</p>
<p>
In many places, this can probably be handled with robust cellular data service that extends into the fields. However, there is a lot of rural America that doesn't have decent, or even any cell service out in the fields. Any farm tracking data is also going to need adequate broadband to upload data into the cloud. Farms with good broadband are going to have a big advantage over those without. We already know this is true today for cattle and dairy farming where detailed records are kept on each animal. I've talked to farmers who have to drive every day to find a place to upload their data into the cloud.
</p>
<p>
In the many counties where I work today the farmers are among those leading the charge for better broadband. If selling produce or animals requires broadband we are going to see farmers move from impatience to insistence when lack of connectivity means loss of profits.
</p>
<p>
I know as a consumer that I would feel better knowing more about the produce I buy. I'd love to buy more produce that was grown locally or regionally, but it's often nearly impossible to identify in the store. I'd feel a lot safer knowing that the batch of food I'm buying has been tracked and certified as safe. Just in the last year there's been recalls on things like romaine, avocados, spring onions, and packaged greens mixes. I don't understand why any politician that serves a farming district is not screaming loudly for a national solution for rural broadband.
</p><p><em>Written by <a href="http://www.circleid.com/members/8383/">Doug Dawson</a>, President at CCG Consulting</em></p><p><strong>Follow CircleID on <a href="http://twitter.com/circleid">Twitter</a></strong></p><p><strong>More under:</strong> <a href="http://www.circleid.com/topics/broadband">Broadband</a></p><div class="feedflare">
<a href="http://feeds.circleid.com/~ff/cid_master?a=5FNAbhntVdA:w2Y1OyLYIFI:yIl2AUoC8zA"><img src="http://feeds.feedburner.com/~ff/cid_master?d=yIl2AUoC8zA" border="0"></img></a> <a href="http://feeds.circleid.com/~ff/cid_master?a=5FNAbhntVdA:w2Y1OyLYIFI:F7zBnMyn0Lo"><img src="http://feeds.feedburner.com/~ff/cid_master?i=5FNAbhntVdA:w2Y1OyLYIFI:F7zBnMyn0Lo" border="0"></img></a> <a href="http://feeds.circleid.com/~ff/cid_master?a=5FNAbhntVdA:w2Y1OyLYIFI:V_sGLiPBpWU"><img src="http://feeds.feedburner.com/~ff/cid_master?i=5FNAbhntVdA:w2Y1OyLYIFI:V_sGLiPBpWU" border="0"></img></a> <a href="http://feeds.circleid.com/~ff/cid_master?a=5FNAbhntVdA:w2Y1OyLYIFI:qj6IDK7rITs"><img src="http://feeds.feedburner.com/~ff/cid_master?d=qj6IDK7rITs" border="0"></img></a> <a href="http://feeds.circleid.com/~ff/cid_master?a=5FNAbhntVdA:w2Y1OyLYIFI:gIN9vFwOqvQ"><img src="http://feeds.feedburner.com/~ff/cid_master?i=5FNAbhntVdA:w2Y1OyLYIFI:gIN9vFwOqvQ" border="0"></img></a> <a href="http://feeds.circleid.com/~ff/cid_master?a=5FNAbhntVdA:w2Y1OyLYIFI:I9og5sOYxJI"><img src="http://feeds.feedburner.com/~ff/cid_master?d=I9og5sOYxJI" border="0"></img></a>
</div>A Closer Look at the "Sovereign Runet" Lawtag:circleid.com,2019:blogs/1.118952019-05-17T13:08:00-08:00Ilona Stadnik<p>In December 2018, a bill on the "stable operation" of the Russian segment of the Internet was introduced and got the title "Sovereign Runet" in mass media and among the public. It was adopted after 5 months later, despite doubts about the technical feasibility of its implementation. The law is very ambitious in its intent to simultaneously control Internet traffic and protect Runet from some external threats, but legislators still have no idea how it would actually work.
</p>
<p>
This is not the first attempt of Russian legislators to take control of the Internet within the state borders. The previous bill was initiated by the Ministry of Communications (MoC) in 2014. Then it was proposed to describe the elements of the critical information infrastructure of the Runet, to establish control over traffic exchange points and cross-border communication lines. The main element of the first bill was the creation of a state information system that contains a copy of databases with traffic exchange points, autonomous system numbers (ASN), allocation of IP addresses and routing policies. The state information system should be used by the Russian telecom operators when routing national traffic. But this "national Internet" just means making a copy of the existing RIPE NCC databases. And that makes no technical sense because the data requires constant updates to keep the actual routing information (See my recent paper <a href="https://www.internetgovernance.org/research/sovereign-runet-what-does-it-mean/">"Sovereign RUnet: What does it mean"?</a>)
</p>
<p>
The discussion of the 2014 bill continued for 2 years; a lot of amendments were made to it. The latest activity on it was observed in January 2018, when the press referred to new edits that took into account the opinion of the telecom industry. Ultimately, a kind of compromise was reached but the bill was never submitted to the State Duma for debate and approval. Instead, a new bill was introduced in December 2018 by two senators and one deputy. None of them are directly connected to the Internet infrastructure issues. Obviously, such a move was chosen to launch the consideration of the bill in the State Duma as soon as possible, and to avoid additional coordination with other relevant ministries and the security service, as happened to the MoC bill.
</p>
<p>
According to <a href="https://www.currenttime.tv/a/ex-officials-about-runet-roscomnadzor/29895845.html">anonymous sources</a> (former MoC employees), the main interested party in the adoption of both bills is the Security Council. In 2014, after the start of anti-Russian sanctions and problems with the operation of Internet services in Crimea, the main task was to ensure the stability and security of the Russian segment of the Internet. Other interlocutors recalled even 2006-2007, when people in the Security Council and Administration of the President were preoccupied with the likelihood of an external Internet shutdown. They took seriously the prospect that the U.S. could unilaterally disable Russia's DNS. That is why Russia had been consistently taking initiatives to transfer ICANN's functions to the International Telecommunication Union (ITU), and still continues to criticize ICANN for being a US-based corporation.
</p>
<p>
Another concern was the circulation of Russian Internet traffic. Some high-ranking officials believed that a lot of Russian traffic loops through foreign networks. This did actually happen in the early 2000s, because of the low cost of such routes and competition between ISPs. But people from the Administration, inspired by several ideologues from Roskomnadzor (RKN, the communications supervisory agency) exploited this story: loop traffic is unacceptable because foreign intelligence can spy on our traffic or snatch it and replace it with something else. Exactly the same reasons were heard from the deputies and senators advocating for the new bill in 2019, as will be shown below.
</p>
<p>
Another interested party became RKN, since this supervisory agency got very broad powers to block prohibited Internet resources in 2012. In particular, the system of blocking built by RKN created DNS vulnerabilities that are regularly exploited.1 Finally, RKN's failure to block Telegram messenger became a reputational blow for the agency. As part of RKN's attempts to execute the law, on peak days in April 2018 entire subnets of IP addresses were blocked, reaching 18 million records in the blacklist. It negatively affected the work of many third-party services and Internet businesses. So RKN's interest in a new law that empowers it to control and filter all traffic, is obvious.
</p>
<p>
<strong>What's in the adopted law? </strong>
</p>
<p>
On May 1 2019 the new law was <a href="http://publication.pravo.gov.ru/Document/View/0001201905010025?fbclid=IwAR3POFABIeaD21PCGKdNDOMm-tDwZ-gU_uxyONSLw520E0cUT6x47m_sLjk">signed</a> by President Putin. In total, only 5 months have passed since the first introduction of the bill and only 6 more months remain until its entry into force on November 1, 2019. Amazing speed! The content and focus of law, after all the debates, <a href="https://www.internetgovernance.org/2018/12/23/russia-tries-to-double-down-on-a-national-internet/">is not very different from its first December draft</a>, except for several additions. Basically, the document contains amendments to two existing laws "on Communications" and "on Information", and these are summarized and commented upon in this <a href="https://internetgovernance.org/pdf/Federal-law-FZ-90-Summary.pdf">document</a>.
</p>
<p>
In brief, the law sets the following:
</p>
<ul>
<li>The main subjects responsible for stable operation of the Internet in Russia are telecom operators and owners and/or proprietors of: (1) technical communication networks (used for operations of transport/energy and other infrastructures, not connected to the public communication network), (2) traffic exchange points, (3)communication lines crossing the state border and (4) autonomous system numbers (ASN). RKN will keep registries for the last three categories. All subjects must participate in the regular exercises for the stable Runet.</li>
<li>RKN will execute the centralized management of communication networks in the event of threats to the stability and security of the Runet, by defining routing policies for telecom operators and other subjects and coordinating their connections.</li>
<li>Telecom operators are required to ensure the installation in their networks of technical means for countering threats to the stability, security and integrity of Internet operation on the territory of Russia. These technical means will also serve the purpose of traffic filtering and blocking access to prohibited Internet resources.</li>
<li>The law creates a Center for monitoring and control of public communication networks under the RKN supervision.</li>
<li>The law creates a national domain name system</li>
</ul>
<p>
<strong>The debate over the law </strong>
</p>
<p>
Based on the statements of deputies and senators during the readings of the bill (3 in the <a href="http://transcript.duma.gov.ru/api_search/?search_mode=number&amp;sessid=5081&amp;dt_start=&amp;dt_end=&amp;deputy=&amp;type=any&amp;number=608767-7&amp;keyWords=">State Duma</a> and 1 in the <a href="http://council.gov.ru/activity/meetings/103702/transcrip">Federation Council</a>), the motivation for its adoption can be summarized in several points. The main motive is that this law is a response to the latest US cybersecurity strategy, where the Russian lawmakers saw a direct threat to Russian networks in a statement to use offensive capabilities to protect US networks and interests in cyberspace. The speed of the law's adoption was justified by its critical meaning for implementation of the national program "Digital Economy" that highly depends on the Internet.
</p>
<blockquote><p>"<em>Obviously, it is necessary to protect the digital lifestyle of Russians; in this regard, it is necessary to ensure the stability of the main services of </em><em>Runet</em><em> and the reliability of Russian Internet resources, and this requires a national infrastructure that can protect </em><em>Runet</em><em> in the event of a threat of blocking the connection </em><em>to </em><em>the root servers placed abroad</em>." &#8212; Ms. Arshinova, Deputy from the United Russia party.</p></blockquote>
<p>
The co-author of the law Mr. Lugovoy, Deputy from the Liberal-Democratic Party of Russia, frightened his colleagues with the controversial case of an <a href="https://www.theguardian.com/world/2014/aug/13/snowden-nsa-syria-internet-outage-civil-war">Internet shutdown in Syria in November 2012</a>, which he attributed to the special operations of the US National Security Agency. Another argument to adopt the law was the analogy with sanctions by international payment systems in Crimea in 2014 when Russia had to elaborate its own national payment system "МИР" to avoid financial collapse. And finally, some deputies still believe that foreign loop traffic must be "reduced significantly" according to the "Digital Economy program."
</p>
<blockquote><p>"<em>The bill has already been called the law on autonomous, sovereign </em><em>Runet</em><em>, but if you look closely at the proposed changes, there is no separation of </em><em>Runet</em><em> or turning it into a closed system that does not communicate with the global Internet. The bill is not aimed at isolation at all &#8212; it is about ensuring the smooth functioning of our economy and other spheres of society, and most importantly, protecting the rights of Russian citizens who adhere to </em><em>the </em><em>digital lifestyle</em>&#8221; &#8212; Ms. Arshinova, Deputy from the United Russia party.</p></blockquote>
<p>
The other co-author of the law, Senator Mr. Klishas claimed that technically Russia can be disconnected from the Internet root servers. But he didn't take into account that the governance of critical Internet infrastructure requires trust and cooperation amongst all involved stakeholders. To say that American companies (namely ICANN and Verisign) can immediately "cut out" records of Russian domains by the order of the US government is a major misconception. If ICANN sets such a precedent, the credibility of this organization will be lost forever &#8212; and it threatens the resilience of the Internet as a whole if there is no authoritative center for the coordination of the domain name space. There could be a rollback to the 80-90s, when various large regional networks coexisted. If we talk in terms of American interests, this is the last thing the US government wants to do, because it directly contradicts its policy of globalization and the spread of the Internet around the globe.
</p>
<p>
Nevertheless, representatives from the opposition parties asked tricky questions and conveyed the concerns of society about the real censorship nature of the law. Firstly, they demanded that the bill's advocates name the threats from which the law is supposed to protect the Runet. The law should reflect all these threats because they directly relate to the constitutional right of our citizens to access reliable information.
</p>
<blockquote><p>"<em>The list of threats, as the authors tell us, they will determine during the exercises &#8212; wow! Imagine, colleagues, if we were to report our bills in the following way: we do not know what will happen, we will say after the experi</em><em>ment</em><em>, so you first pass the law, and then we will conduct exercises. Will </em><em>you conduct exercises </em><em>on people?</em><em> You can't do that, colleagues</em>&#8221; &#8212; Mr. Nilov, deputy form the Just Russia party.</p></blockquote>
<p>
Another point of critique was the absence of responsibility for network crashes that may happen during centralized management by RKN. The law removes responsibility from operators, but there is no transfer of it. Operators can only ask RKN about anomalies in their networks, that is all.
</p>
<blockquote><p>"<em>Whatever this bill may be called, its main purpose is to control the cross-border information flows. What for? In order to restrict this very information, the flow of this very information &#8212; there can be no doubts or illusions. They say, all this is done exclusively for the public good &#8212; for the good it would be enough to duplicate domain infrastructure, it could be carried out even without making appropriate changes to the law, it could be done at the level of </em><em>Roskomnadzor</em><em> or the Ministry of </em><em>C</em><em>ommunications. So, the bill is extremely restrictive, and it is also an attempt to force the execution of those laws which we adopted earlier</em>&#8221; &#8212; Mr. Kurinnyi, deputy from the Communist party of Russia.</p></blockquote>
<p>
By the last sentence, the deputy implied the complete failure of RKN to block Telegram messenger, as well as to compel foreign companies like Twitter and Facebook to localize the personal data of Russian citizens.
</p>
<blockquote><p><em>"Now we are asked to adopt in the first reading the draft law on the protection of "something fr</em><em>o</em><em>m something". And where are the guarantees that the next step, which will determine the Government, will not be the transformation of the currently public Internet into such a corporate intranet, limited by the borders of the Russian Federation?"</em> &#8212; Mr. Yushchenko, deputy from the Communist party of Russia.</p></blockquote>
<p>
Other deputies paid attention to the creation of a point of failure for the Runet &#8212; the Center for monitoring and control of public communication networks. If there is a single control center, it is easy to break it and disrupt Runet at once. Finally, deputies were angry about the budget issue. Initially, the financial justification of the bill claimed that "adoption and implementation of the Federal Law will not require expenditures from the federal budget." But then it became known that the money was already allocated to the budget of the national program Digital Economy &#8212; 20,8 billion rubles to purchase the equipment to counter threats, 4,5 billion rubles for national DNS and 5,5 billion rubles to develop necessary hard and software.
</p>
<blockquote><p>"<em>You know, colleagues, I have not seen such a brazen and cynical bill, which you push forward, saying that it won't require even a ruble from the budget. We have a government like</em><em> </em><em>Nostradamus: the government, adopting the draft budget last year, already assumed that three cranks (two from the Federation Council and one from the State Duma) will introduce this year this bill, and has already saved some money for it!"</em> &#8212; Mr. Ivanov, deputy from the Liberal-Democratic Party of Russia.</p></blockquote>
<p>
Even before the first reading happened in the State Duma in February, measures in the bill were greeted negatively by the technical community, while the broader IT industry took an ambiguous position supporting but slightly criticizing the bill. It is known that there was only one expert meeting, organized by the State Duma Committee on information policy, information technologies and communications in January. It gathered representatives from IT business and telecom, public organizations and authorities. Some transcripts of the conversations were <a href="https://usher2.club/articles/gosduma-20190117/">leaked</a> to social media. Together, of the 33 speakers, 13 were clearly against or had serious objections to the bill &#8212; the "Big 3" telecom operators MTS, VimpelCom, and MegaFon (with Rostelecom predictably supporting the bill), the Association of Computer and IT Enterprises (which represents participants of the digital economy in Russia), the Association of Documentary Telecommunication (in 2017 it conducted the <a href="https://drive.google.com/file/d/1e_5AkGbeaf7R19gEm99FmkmS2E4PmaMl/view">study of loopback traffic in Russia</a> and proved its insignificant share), the Technical Center of Internet, Coordination Center for TLD .RU, the Russian Association of Electronic Communications and Regional public organization "Center of Internet-technologies."
</p>
<p>
Industry was concerned with these issues:
</p>
<ul><li>The "black boxes" &#8212; the technical means to counter threats provided to telecom operators by RKN &#8212; will dramatically affect the quality of communication. It is obvious from the law because operators are even immunized from responsibility for future network crashes. Also, the law does not cover the cost of their installation and maintenance, nor take into consideration the development and growth of networks &#8212; operators will have to spend billions of rubles on that, which will slow down their development and growth.</li>
<li>Legislators mixed up technical and content-based threats. It is impossible to solve both problems with one "black box."</li>
<li>The issue of duplication of critical elements of the Internet infrastructure and domain names has already been agreed with the industry last year. Several representatives of telecom industry recalled the bill mentioned in the beginning of the post. They were curious why legislators decided not to push the adoption of the previous bill while there was a consensus with industry, but instead invented a new document and added an ambitious aim to filter all Runet traffic.</li></ul>
<p>
Anyway, despite the substantial criticism, the law was adopted. Legislators couldn't provide adequate answers on the resilience of the technical means and even lied that they won't degrade the quality of communication. The recent case with Yandex illustrates the argument. In March 2019, when attackers conducted a DNS attack on several large Russian Internet-resources, one of the main victims became Yandex. That was exactly that type of attack that exploits the vulnerability in the RKN blocking system which I explained above. As a result of the attack, a few small operators blocked access to some IP addresses of Yandex, and large operators who use DPI systems to block content were forced to pass all traffic to Yandex services through DPI. It significantly reduced the speed of access to Yandex services for users. Yandex repelled the attack for several days. "The blocking of sites was avoided, but the attack did not go unnoticed: active users of the company's services noticed a decrease in the speed of access to them," the company representative <a href="https://www.rbc.ru/technology_and_media/14/03/2019/5c890f369a7947a2a2d4fb39">said</a>. The case clearly illustrates the perspectives of traffic inspection on a large scale in future &#8212; the equipment won't cope with bandwidth.
</p>
<p>
<strong>What's now? </strong>
</p>
<p>
What will happen during the 5 months before the law comes into force? The MoC, the Government and RKN are required to prepare 30 by-laws (you can track their readiness <a href="https://docs.google.com/spreadsheets/d/1GF9uPn-rI9z8KBLJ54Bf3Dje42M2dfPhIasPN2fva-E/edit">here</a>) which should fill in the blind spots in the text of the law. Specifically, they will need to:
</p>
<ul><li>Make a list of the threats to the Runet and the principles of centralized traffic management </li>
<li>Define the technical parameters and rules governing the "black boxes"</li>
<li>Define how the registry of traffic exchange points will be formed </li>
<li>Define rules for providing information from operators and owners of ASN for filling in various information systems,</li>
<li>Figure out how the national DNS will work </li>
<li>Establish a Center for monitoring and control of the public communications network. (It is noteworthy that the resolution on its creation was <a href="http://government.ru/docs/35809/">signed</a> by the Government in February 2019, before the adoption of the law. The Center should start working by January 2020.)</li></ul>
<p>
<strong>Concluding thoughts </strong>
</p>
<p>
Analysis of the law leaves the impression that it was written by people who do not understand the way the Internet works and are relying on a mental model of telephone communications. Moreover, they appear to blindly believe in the omnipotence of "black boxes" that will filter traffic and protect Runet from unknown threats on a national scale.
</p>
<p>
With this first impression, it seems like the law is primarily aimed at censorship under the cover of national security. Companies who don't comply with laws that require decryption or localization of users' messages, and continue to operate in Russia, such as Twitter, Facebook and Telegram, have damaged the reputation of RKN. The government cannot allow these companies to continue to fail to execute its decisions anymore.
</p>
<p>
Of course, one can agree that the resiliency of the Internet in the country is a serious concern and should be addressed in some way, but the measures offered by this law don't solve those problems; on the contrary they can degrade the quality of access and make Runet more vulnerable than it is now by centralizing management of public networks.
</p>
<p>
More likely this law will share the fate of the anti-terrorist amendments known as the "Yarovaya package," which required service providers to store the content of voice calls, data, images and text messages for 6 months, and the metadata of communications for 3 years. It came into force in October 2018, but since then none of the service providers execute data retention, simply because they do not possess the necessary equipment needed to store such enormous amounts of data. Moreover, there is still no ready-made suitable solution on the market for this purpose. And government is still fighting to establish the requirement to use only national technological solutions.
</p>
<p>
One can imagine how much work will be needed to develop the traffic management equipment to support the RKN Center for monitoring and control of public networks, and the systems supporting a national DNS. It is therefore highly unlikely that those 30 by-laws needed to clarify the technical requirements will be issued by the 1st of November 2019. On the contrary, it will probably take several years to complete.
</p>
<p>
However, the upcoming field testing of DPI solutions by RKN will gradually reveal the insanity of its idea to fully control all traffic in the country. End users and especially businesses will need to be prepared for service interruptions; "without a declaration of war," access to some "legitimate" Internet services will be denied. Well, it's good, if such problems would be immediately acknowledged by RKN and rolled back, but who will compensate the businesses for the losses? That's why optimists simply crossed their fingers, held their breath and waited for telecom to sabotage the execution of the law or find a way to comply formally on paper, without actually doing so. Moreover, there is nothing to execute yet &#8212; practical steps are awaiting to be defined in future.
</p>
<p>
<em>Originally published in the <a href="https://www.internetgovernance.org/2019/05/16/a-closer-look-at-the-sovereign-runet-law/">Internet Governance Project</a>.</em>
</p><p><em>Written by <a href="http://www.circleid.com/members/8381/">Ilona Stadnik</a>, Ph.D. candidate at the Saint-Petersburg State University</em></p><p><strong>Follow CircleID on <a href="http://twitter.com/circleid">Twitter</a></strong></p><p><strong>More under:</strong> <a href="http://www.circleid.com/topics/censorship">Censorship</a>, <a href="http://www.circleid.com/topics/internet_governance">Internet Governance</a>, <a href="http://www.circleid.com/topics/law">Law</a>, <a href="http://www.circleid.com/topics/policy_regulation">Policy & Regulation</a></p><div class="feedflare">
<a href="http://feeds.circleid.com/~ff/cid_master?a=oGbGNIrkh8o:LCSq_0GN76A:yIl2AUoC8zA"><img src="http://feeds.feedburner.com/~ff/cid_master?d=yIl2AUoC8zA" border="0"></img></a> <a href="http://feeds.circleid.com/~ff/cid_master?a=oGbGNIrkh8o:LCSq_0GN76A:F7zBnMyn0Lo"><img src="http://feeds.feedburner.com/~ff/cid_master?i=oGbGNIrkh8o:LCSq_0GN76A:F7zBnMyn0Lo" border="0"></img></a> <a href="http://feeds.circleid.com/~ff/cid_master?a=oGbGNIrkh8o:LCSq_0GN76A:V_sGLiPBpWU"><img src="http://feeds.feedburner.com/~ff/cid_master?i=oGbGNIrkh8o:LCSq_0GN76A:V_sGLiPBpWU" border="0"></img></a> <a href="http://feeds.circleid.com/~ff/cid_master?a=oGbGNIrkh8o:LCSq_0GN76A:qj6IDK7rITs"><img src="http://feeds.feedburner.com/~ff/cid_master?d=qj6IDK7rITs" border="0"></img></a> <a href="http://feeds.circleid.com/~ff/cid_master?a=oGbGNIrkh8o:LCSq_0GN76A:gIN9vFwOqvQ"><img src="http://feeds.feedburner.com/~ff/cid_master?i=oGbGNIrkh8o:LCSq_0GN76A:gIN9vFwOqvQ" border="0"></img></a> <a href="http://feeds.circleid.com/~ff/cid_master?a=oGbGNIrkh8o:LCSq_0GN76A:I9og5sOYxJI"><img src="http://feeds.feedburner.com/~ff/cid_master?d=I9og5sOYxJI" border="0"></img></a>
</div>SpaceX Reports Significant Broadband Satellite Progresstag:circleid.com,2019:blogs/1.118942019-05-17T11:51:00-08:00Larry Press<p><em>SpaceX may be approaching debris detection as a machine-learning problem in which the entire constellation, not individual satellites, is learning to avoid collisions.</em>
</p>
<p>
SpaceX delayed last Wednesdays Starlink launch due to high winds and on Thursday they decided to do a software update and postpone the launch until next week, but they revealed significant progress in their <a href="https://www.spacex.com/sites/spacex/files/starlink_press_kit.pdf">Starlink mission press release</a> and in tweets by and a <a href="https://www.reddit.com/r/spacex/comments/bp4zfe/starlink_media_call_highlights/">media call</a> with Elon Musk.
</p>
<p>
<span style="font-size:85%;line-height:1.4em;color:#666666;margin:15px 0;display:block;"><a href="http://www.circleid.com/images/uploads/11894a.jpg"><img src="http://www.circleid.com/images/uploads/11894a.jpg" border="0" style="display:block;width:100%;height: auto;margin-bottom:10px;" /></a>Starlink size comparison &ndash; novel packaging accommodates 60 satellites in a single launch. (<a href="https://www.reddit.com/r/SpaceXLounge/comments/bnw84p/starlink_size_comparison_visualization/">Source</a>)</span>
</p>
<p>
The mission press release said SpaceX has significantly reduced the size and weight of their satellites. Their initial November 2016 FCC filing specified 386 kg satellites that measured 4 x 1.8 x 1.2 meters. In February 2018, they launched two Internet-service test satellites &#8212; TinTin A and B &#8212; that measured only 1.1 x .7 x .7 meters with a total mass of approximately 400 kg. The mass of the Starlink satellites will be only 227 kg, about 43% that of the test satellites. (They are still heavier than OneWeb's 147.4 kg <a href="http://www.circleid.com/posts/20170824_oneweb_satellite_internet_project_status_update/">test satellites</a>)
</p>
<p>
As far as I know, SpaceX has not previously commented on the number of satellites that might be launched at once, but the number was generally estimated as 25-30 after considering constraints on mass, volume, and numbers of satellites per orbital plane. As shown here, they will be launching a surprising 60 flat-packed satellites. Launching 60 satellites also demonstrates continued progress in rocket capability &#8212; this will be the <a href="https://twitter.com/elonmusk/status/1128840713783791619">heaviest SpaceX payload</a> ever.
</p>
<p>
<span style="font-size:85%;color:#666666;padding:0 0 2px 10px;margin:0 0 10px 15px;border-left:1px solid #ddd;width:250px;float:right;line-height:1.4em;"><a href="http://www.circleid.com/images/uploads/11894b.jpg"><img src="http://www.circleid.com/images/uploads/11894b.jpg" border="0" style="width:250px;display:block;margin-bottom:10px;" /></a>The speed and density of satellites in
<br />
low-earth orbit increase the likelihood
<br />
of a cascading debris collision. (<a href="https://www.wikiwand.com/en/Kessler_syndrome">Source</a>)</span>The current and planned proliferation of low-earth orbit satellites increases the likelihood of a <a href="https://www.wikiwand.com/en/Kessler_syndrome">Kessler Syndrome</a> event &#8212; a cascade of collisions between satellites and the ensuing debris. The press release alluded to what may be a significant advance in debris mitigation, stating that:
</p>
<blockquote><p><em>Each spacecraft is equipped with a Startracker navigation system that allows SpaceX to point the satellites with precision. Importantly, Starlink satellites are capable of tracking on-orbit debris and autonomously avoiding a collision.</em></p></blockquote>
<p>
That would be a breakthrough if feasible, but on first consideration, it seems impossible. Low-earth orbit satellites move very fast and even if a satellite had the resolution and pattern-recognition capability to "see" debris in its path, it would not be able to maneuver quickly enough to avoid a collision. That point was raised in <a href="https://www.reddit.com/r/spacex/comments/bp117c/spacex_releases_new_details_on_starlink_satellite/eno7exn/?utm_source=share&amp;utm_medium=web2x">this online discussion</a> and a possible solution suggested &#8212; the entire constellation could dynamically pool and share data from each satellite as well as use NORAD tracking data, which <a href="https://twitter.com/ChrisG_NSF/status/1128787802093694985">Musk mentioned</a> during the media call.
</p>
<p>
SpaceX may be approaching this as a machine-learning problem in which the entire constellation, not individual satellites, is learning to avoid collisions using its shared data as well as data from other sources like NORAD. One can imagine sharing such data with competitors like OneWeb and Telesat or even with Russia, China or India. (Elon Musk is known to read science fiction &#8212; this speculation is reminiscent of Azimov's <a href="https://www.wikiwand.com/en/Gaia_(Foundation_universe)">Gaia</a> or Teilhard de Chardin's <a href="https://www.wikiwand.com/en/Noosphere">noosphere</a>).
</p>
<p>
The prospect of launching 60 satellites at once and a shared-data approach to collision avoidance have grabbed my attention, but Musk's tweets and media call were also highly informative &#8212; a few examples:
</p>
<ul><li><a href="https://twitter.com/thesheetztweetz/status/1128790912090423297">There's a lot of new technology in the satellites &#8212; things could go wrong.</a></li>
<li><a href="https://twitter.com/thesheetztweetz/status/1128793890989985794">The initial constellation will not have inter-satellite links.</a></li>
<li><a href="https://twitter.com/ChrisG_NSF/status/1128797080502317058">Each Starlink costs more to launch than it does to make.</a></li>
<li><a href="https://twitter.com/thesheetztweetz/status/1128788985944387587">They will partner with telephone companies in sparsely populated regions.</a></li>
<li><a href="https://twitter.com/elonmusk/status/1127391581072347137">Six more launches of 60 sats needed for minor coverage, 12 for moderate.</a></li>
<li><a href="https://twitter.com/nextspaceflight/status/1128791505504743431">We have sufficient capital to build an operational constellation.</a></li>
</ul>
<p>
All that and they have yet to launch the satellites &#8212; stay tuned.
</p><p><em>Written by <a href="http://www.circleid.com/members/7705/">Larry Press</a>, Professor of Information Systems at California State University</em></p><p><strong>Follow CircleID on <a href="http://twitter.com/circleid">Twitter</a></strong></p><p><strong>More under:</strong> <a href="http://www.circleid.com/topics/access_providers">Access Providers</a>, <a href="http://www.circleid.com/topics/broadband">Broadband</a>, <a href="http://www.circleid.com/topics/wireless">Wireless</a></p><div class="feedflare">
<a href="http://feeds.circleid.com/~ff/cid_master?a=tBFZ2ZY3mA8:w8Lg6RdWpPM:yIl2AUoC8zA"><img src="http://feeds.feedburner.com/~ff/cid_master?d=yIl2AUoC8zA" border="0"></img></a> <a href="http://feeds.circleid.com/~ff/cid_master?a=tBFZ2ZY3mA8:w8Lg6RdWpPM:F7zBnMyn0Lo"><img src="http://feeds.feedburner.com/~ff/cid_master?i=tBFZ2ZY3mA8:w8Lg6RdWpPM:F7zBnMyn0Lo" border="0"></img></a> <a href="http://feeds.circleid.com/~ff/cid_master?a=tBFZ2ZY3mA8:w8Lg6RdWpPM:V_sGLiPBpWU"><img src="http://feeds.feedburner.com/~ff/cid_master?i=tBFZ2ZY3mA8:w8Lg6RdWpPM:V_sGLiPBpWU" border="0"></img></a> <a href="http://feeds.circleid.com/~ff/cid_master?a=tBFZ2ZY3mA8:w8Lg6RdWpPM:qj6IDK7rITs"><img src="http://feeds.feedburner.com/~ff/cid_master?d=qj6IDK7rITs" border="0"></img></a> <a href="http://feeds.circleid.com/~ff/cid_master?a=tBFZ2ZY3mA8:w8Lg6RdWpPM:gIN9vFwOqvQ"><img src="http://feeds.feedburner.com/~ff/cid_master?i=tBFZ2ZY3mA8:w8Lg6RdWpPM:gIN9vFwOqvQ" border="0"></img></a> <a href="http://feeds.circleid.com/~ff/cid_master?a=tBFZ2ZY3mA8:w8Lg6RdWpPM:I9og5sOYxJI"><img src="http://feeds.feedburner.com/~ff/cid_master?d=I9og5sOYxJI" border="0"></img></a>
</div>A Report on the ICANN DNS Symposiumtag:circleid.com,2019:blogs/1.118932019-05-16T18:39:00-08:00Geoff Huston<p>By any metric, the queries and responses that take place in the DNS are highly informative of the Internet and its use. But perhaps the level of interdependencies in this space is richer than we might think. When the IETF considered a proposal to explicitly withhold certain top-level domains from delegation in the DNS the ensuing discussion highlighted the distinction between the domain name system as a structured space of names and the domain name system as a resolution space where certain names are instantiated to be resolvable using the DNS protocol. It is always useful to remember that other name resolution protocols exist, and they may use other parts of the domain name space. Having said that, the recent ICANN DNS Symposium was almost exclusively devoted to the name space associated with the DNS resolution protocol, and this protocol.
</p>
<p>
The DNS protocol represents an inconsistent mix of information leakage and obscurity. When a name resolution query is passed through a forwarder or a recursive resolver, the identity of the original source of the query is not preserved. Name resolution is a hop-by-hop process that hides the end user's identity in address terms. At the same time, the full query name is used throughout the resolution process, which exposes the end user's DNS traffic in all kinds of unanticipated places. Oddly enough we've seen recent changes to the protocol specification that attempt to reverse the effect of both of these measures!
</p>
<p>
The anonymity of the end user in DNS queries was compromised with the adoption of the Client Subnet extension. The ostensible rationale was to improve the accuracy of DNS-based client steering, allowing an authoritative name server to respond with the content address that would optimize the user experience. However, when one looks at the number of Client Subnet enabled authoritative servers on a country-by-country basis the countries which feature at the top of this list include the United States, Turkey, Iran, China, Taiwan and the United Kingdom. Some 10% of users use recursive resolvers that will add effectively gratuitous client information to the query. It seems that use of the client subnet extension has gone far beyond the original objectives of using the DNS to perform content steerage, as David Dagon pointed out in his keynote presentation to the symposium.
</p>
<p>
At the same time, we've seen moves to seal up the gratuitous information leaks in the DNS. The use of full query names when performing name server discovery is a major problem in the DNS, and the operators of the root zone servers tend to see a wealth of information relating to terminal names as a result, as do the operators of the top-level domains. The adoption of query name minimization by recursive resolvers effectively plugs that leak point, and the resolver only exposes the precise extent of information that it needs to expose in order to complete the various steps in the iterative name server discovery process.
</p>
<p>
<strong>The EU NIS Directive</strong>
</p>
<p>
The introduction of the GDPR regulations in the EU and the adoption of similar measures in other national environments has gone a long way to illustrate that the Internet's actors are not beyond conventional regulatory purview. There is a relatively EU directive, concerning the operation of "essential services" and the imposition of various requirements on the operators of such essential services, with hefty fines for non-compliance with the measures and also for serious outages of the essential service, as Jim Reid pointed out. The usual suspects of transport, banking, health care, financial markets and similar services are all part of this measure, but there is the inclusion of digital infrastructure in this directive, which appears to sweep in top-level domain registries and DNS service providers. What makes a DNS service "essential" is an interesting question. How to measure such criticality when much of the information is provided in local caches is also an interesting question.
</p>
<p>
Working out a set of objective metrics to define an "essential" part of the DNS infrastructure seems like a rather odd requirement, but to implement this NIS directive we may see work in this area. In any case, the bottom line is very clear. The name space is part of a set of essential public services, and it demands far more than a "best available effort" response by DNS service providers.
</p>
<p>
<strong>Measuring "DNS Magnitude"</strong>
</p>
<p>
If parts of the DNS are considered to be an essential service, then we may want to have some kind of metric that measures the use or impact of a domain name, as compared to other domain names. This leads to efforts to measure what has been termed "DNS Magnitude".
</p>
<p>
The DNS name resolution infrastructure is basically a collection of caches. The whole approach is to ensure that as often as possible, your DNS queries are directly answered from a nearby cache. The queries that seen at the authoritative servers are essentially cache misses. This confounds various attempts to measure the use of any domain name. If the name uses an extended cache time (TTL) then the number of cache misses will drop. If the use pattern of a name is highly bursty again, the cache will be very effective, and the authoritative server will see a small cache miss rate. So how can one use the query data seen as an authoritative name server to measure some aspect of the popularity of a domain name if the effective query rate is so dependent on the name's TTL settings?
</p>
<p>
The work presented by Alex Mayrhofer of nic.at starts with the assumption that the number of queries is of less value than the number of discrete hosts. He cites the extreme example that 100,000 queries from the same host address are lesser indicators of domain impact than a single query from each of 100,000 hosts. The basic idea is that if the shared name server sees a certain number of hosts making queries, then the relative magnitude of any particular domain name is the ratio of the number of hosts performing a query for this name as compared to the size of the entire host set.
</p>
<p>
The work uses a log scale to capture details of the "long tail" that exist in such metrics, so the refined metric is the log of the host seen querying for a domain compared to the log to the size of the overall host set. The metric appears to be reasonably independent of TTL settings, but it does assume a wide distribution of DNS recursive resolvers, which appears to be an increasingly dubious assumption as the large open DNS resolvers gather more momentum. One can only guess what QNAME minimization will have on this work, as the query rate would be unaltered by the full domain name is occluded from the upper-level DNS servers.
</p>
<p>
<strong>Dark Deeds in the DNS</strong>
</p>
<p>
It is no secret to either the people who undertake dark deeds on the Internet or to those trying to catch them that the DNS is one of the few systems that is universally visible. So, it's no surprise that domain names are used to control botnets. Much time and effort has been spent studying DNS and how the DNS has been co-opted to control malware. Stewart Garrick of Shadowserver presented on the Avalanche investigation, a multi-year law enforcement effort that spanned several countries. Some 2.5M domain names were blocked or seized during the investigative process.
</p>
<p>
There are various forms of blacklists that are intended to help service providers in denying oxygen to digital miscreants. One of these, SURBL, was described at the symposium. It uses a DNS-based reputation database where a client can append the common surbl.org suffice to the name and query the DNS for an A record. If the query returns an address within the loopback address prefix, then this DNS name has been listed as blocked by the operators of this service.
</p>
<p>
As Paul Vixie explained, SURBL is a specific instance of a more general approach to Response Policy Zones in the DNS that have existed for many years as a standard for DNS firewall policies. The firewall operates via a DNS zone and firewall rules are published, subscribed to, and shared by normal DNS zone transfer protocol operations. A recursive resolver can be configured to subscribe to a response policy, and resolution operations for firewalled names result in a NXDOMAIN response being generated by the recursive resolver. Implementations of this approach exist for Bind, Knot, Unbound and PowerDNS. More information on this approach can be found at <a href="https://dnsrpz.info">https://dnsrpz.info</a>.
</p>
<p>
<strong>Domain Attacks</strong>
<br />
<br />
Much has been said in recent times about the weakest link in the secured name environment, namely the link between the registrar and the name holder. If this relationship can be breached and unauthorized instructions can be passed to the registrar, which in turn are passed to the registry and make their way into the zone file, then the resources that lie behind the name can be readily compromised by trusting applications. One service operator, PCH, was compromised in this manner, and Bill Woodcock shared some details of the attack process. The subversion of the name matched a local holiday shutdown window. An earlier attack had exposed a collection of EPP (Extensible Provisioning Protocol) credentials. The rogue instructions to change the target's name servers were passed into the system via a compromised EPP credential. With control of the domain, it was then possible to obtain a domain validated name certificate immediately, using a CA that did not perform DNSSEC validation, even though the domain was DNSSEC-signed. This then allowed a remote mail access server (IMAP) to be compromised and IMAP account credentials to be exposed, together with mailboxes, and all other material sitting in various mail stores. Because the DS records were not altered in this particular attack, other information that required a validation check on the domain name was not exfiltrated. If the attack had also changed the DS records, it might have exposed more assets.
</p>
<p>
The attack was a well-rehearsed and rapidly executed set of steps, so other defense mechanisms, such as certificate logs ("certificate transparency") offer little in the way of substantive defense here. In this particular case, the use of DANE to perform certificate pinning would've been of material assistance, particularly if the TLSA record in DANE referenced the zone's KSK public key, but this particular case was an NS delegation change without a DS record change. Had the attacker also changed the DS record then DANE would not have been helpful. A similar comment can be made about CAA records and other forms of in-band pinning.
</p>
<p>
More generally, if the registrar/customer relationship is vulnerable, then many other aspects of name security are also vulnerable. If the attacker can alter both the delegation records and the zone signing key data in the parent zone, then there is very little for applications to fall back on to detect the attack and correctly identify the new information as bogus. It seems that in today's name environment that registrar/customer relationship is not well protected in many cases, and minimum practices of two-factor authentication would be a necessary and practical minimum. The other aspect of such attacks is the speed of execution. Deliberately slowing down the process of change of records in the parent zone through registry lock practices does offer some tangible benefit.
</p>
<p>
As usual, there is no magic cure-all defense here, and careful selection of name registrars, coupled with constant monitoring, is an essential minimum these days.
</p>
<p>
<strong>DNS over HTTPS</strong>
</p>
<p>
Any DNS meeting would not be complete without extended mention of DNS over HTTPs and the Symposium was no exception. However, I have covered this topic in some detail in recent posts, so I'll skip making any further comment here!
</p>
<p>
<em>Meeting Materials</em> &ndash; The full agenda and presentation materials for the 2019 symposium can currently be found at <a href="https://www.icann.org/ids">https://www.icann.org/ids</a>
</p><p><em>Written by <a href="http://www.circleid.com/members/602/">Geoff Huston</a>, Author & Chief Scientist at APNIC</em></p><p><strong>Follow CircleID on <a href="http://twitter.com/circleid">Twitter</a></strong></p><p><strong>More under:</strong> <a href="http://www.circleid.com/topics/cybersecurity">Cybersecurity</a>, <a href="http://www.circleid.com/topics/dns">DNS</a>, <a href="http://www.circleid.com/topics/icann">ICANN</a>, <a href="http://www.circleid.com/topics/internet_protocol">Internet Protocol</a></p><div class="feedflare">
<a href="http://feeds.circleid.com/~ff/cid_master?a=vn7M6kGUDys:eis_CouXUQc:yIl2AUoC8zA"><img src="http://feeds.feedburner.com/~ff/cid_master?d=yIl2AUoC8zA" border="0"></img></a> <a href="http://feeds.circleid.com/~ff/cid_master?a=vn7M6kGUDys:eis_CouXUQc:F7zBnMyn0Lo"><img src="http://feeds.feedburner.com/~ff/cid_master?i=vn7M6kGUDys:eis_CouXUQc:F7zBnMyn0Lo" border="0"></img></a> <a href="http://feeds.circleid.com/~ff/cid_master?a=vn7M6kGUDys:eis_CouXUQc:V_sGLiPBpWU"><img src="http://feeds.feedburner.com/~ff/cid_master?i=vn7M6kGUDys:eis_CouXUQc:V_sGLiPBpWU" border="0"></img></a> <a href="http://feeds.circleid.com/~ff/cid_master?a=vn7M6kGUDys:eis_CouXUQc:qj6IDK7rITs"><img src="http://feeds.feedburner.com/~ff/cid_master?d=qj6IDK7rITs" border="0"></img></a> <a href="http://feeds.circleid.com/~ff/cid_master?a=vn7M6kGUDys:eis_CouXUQc:gIN9vFwOqvQ"><img src="http://feeds.feedburner.com/~ff/cid_master?i=vn7M6kGUDys:eis_CouXUQc:gIN9vFwOqvQ" border="0"></img></a> <a href="http://feeds.circleid.com/~ff/cid_master?a=vn7M6kGUDys:eis_CouXUQc:I9og5sOYxJI"><img src="http://feeds.feedburner.com/~ff/cid_master?d=I9og5sOYxJI" border="0"></img></a>
</div>